security

Philly ETE 2019 – Noopur Davis – Building Security In: DevSecOps

Abstract Many believe that better security comes from robust independent gating, but DevOps has proven that you can safely deploy orders of magnitude faster without human gating. Comcast uses a DevSecOps approach which focuses on automation, speed and team ownership of end-to-end product security lifecycle. It’s agile and developer-focused. It’s about building security in rather … Read More

Philly ETE 2016 #35 – Jean Yang – Securing Software by Construction

This talk has two parts. First, I will present technical ideas from research, including my own, that help secure software by construction. Even though these are reasonable ideas, however, the gap between academia and industry often prevents these ideas from becoming realized in practice. Second, I will discuss what prevents longer-term security solutions from being commercialized, how we started the Cybersecurity Factory accelerator bridge the research/industry gap, and how we can work together to address the issues that remain.

DevNews #59 – Bugs made of paper and graphine transistors – does the NSA know?

YEAH! Integrating yeoman-style projects into a larger maven build – Addy Osmani comes up with the goods. Making Maven Grunt We buried the lead – NSA can get to everything Joel brings up the counter-point, an article by ARS. Vertx 2.0 Q&A on InfoQ w/Tim Fox – As per last week’s episode, Vert.X is an … Read More

Chariot DevNews Episode #50 – Phones hacked, security and passwords, and more

It’s our 50th episode! More to come, now weekly. Send us feedback on @techcast. Topics ARS – You can crack iPhone auto-generated hotspot passwords in seconds – http://arstechnica.com/security/2013/06/new-attack-cracks-iphone-autogenerated-hotspot-passwords-in-seconds/ Android phone #s breeched by Facebook app – http://www.darkreading.com/mobile/android-phone-numbers-leaked-by-facebook/240157723 – ARS – The more complex the rules, the more annoying, and is it really more effective than just a longer … Read More

Chariot DevNews Episode #48 – Big Data all over the place

It’s the big return of the regular DevNews this week. My co-host Joel Confino and I discuss lots of big data stuff, including: They hype it, then they try to kill it – Why Big Data is not truth – just using Big Data techniques doesn’t make it easy to select good data to begin … Read More

Web Application Security

The recent news that the popular dating site Plenty Of Fish was hacked and that passwords and other user information was stolen truly disheartened me. It was just the latest in a seemingly endless list of such hacks over the years, recently including Gawker Media (Lifehacker, Gizmodo), McDonald’s, Walgreen’s and Pizza Hut. Apparently, Little Bobby … Read More