Optimizing your NGINX setup with a tuned ModSecurity / Core Rule Set installation.
How to find the best Software Composition Analysis (SCA) for your organization
Best practices for quick remediation and response
Testing to prevent vulnerable open source libraries.
Fixing vulnerable open source packages.
When and how to test your application for open source vulnerabilities.
Understanding known vulnerabilities in open source packages.
The O’Reilly Security Podcast: The objectives of agile application security and the vital need for organizations to build functional security culture.
The O’Reilly Security Podcast: Aligning security objectives with business objectives, and how to approach evaluation and development of a security program.
The O’Reilly Security Podcast: Recruiting and building future open source maintainers, how speed and security aren’t mutually exclusive, and identifying and defining first principles for security.
Runa Sandvik shares practical lessons on how to build and foster a culture of security across an organization.
Window Snyder says security basics are hard to implement consistently, but they're worth the effort.
The O’Reilly Defender Awards celebrate those who have demonstrated exceptional leadership, creativity, and collaboration in the defensive security field.
Chris Wysopal explains how defenders can help developers create secure software through coaching, shared code, and services.
Fredrick Lee shines a light on the ways security can be allowed into the world to do more.
Watch highlights covering security, defense, culture, and more from the O'Reilly Security Conference in New York 2017.
Katie Moussouris explains how to turn the forces that resist defense activities into the biggest supporters.
Haroon Meer says a new type of security engineering is taking root, which suggests hope for effective corporate security at enterprise scale.
Matt Stine looks at three principles of cloud-native security and explains an approach that addresses the increasing volume and velocity of threats.
The O’Reilly Security Podcast: The growing role of data science in security, data literacy outside the technical realm, and practical applications of machine learning.
The case for chatbots in the modern security operations center.
The O’Reilly Security Podcast: The multidisciplinary nature of defense, making security accessible, and how the current perception of security professionals hinders innovation and hiring.
Chris Baker on an economic model for deterring attacks.
The O’Reilly Security Podcast: Why tools aren’t always the answer to security problems and the oft-overlooked impact of user frustration and fatigue.
Jessy Irwin on making security make sense for nontechnical users.
Five questions for Josiah Dykstra on techniques to expose and invalidate misleading claims.
The O’Reilly Security Podcast: Shifting secure code responsibility to developers, building secure software quickly, and the importance of changing processes.
Are we out of the woods?
The O’Reilly Security Podcast: The open-ended nature of incident response, and how threat intelligence and incident response are two pieces of one process.
Five questions for Charles Givre on building effective security analytics programs.
The O'Reilly Security Podcast: The role of community, the proliferation of BSides and other InfoSec community events, and celebrating our heroes and heroines.
Carrying on Becky Bace’s legacy of encouraging and celebrating defenders.
Bruce Potter on why and how to build a risk assessment program.
The O’Reilly Security Podcast: The prevalence of convenient data, first steps toward a security data analytics program, and effective data visualization.
Don't overcomplicate cybersecurity. Focus on building a strong security foundation and go from there.
The O’Reilly Security Podcast: Why legal responses to bug reports are an unhealthy reflex, thinking through first steps for a vulnerability disclosure policy, and the value of learning by doing.
The O’Reilly Security Podcast: Threat hunting’s role in improving security posture, measuring threat hunting success, and the potential for automating threat hunting for the sake of efficiency and consistency.
The O’Reilly Security Podcast: How to approach asset management, improve user education, and strengthen your organization’s defensive security with limited time and resources.
Exploring the disconnect between security wisdom and user realities.
The O’Reilly Security Podcast: Key preparation before implementing a vulnerability disclosure policy, the crucial role of setting scope, and the benefits of collaborative relationships.
The benefits of employing an improvisational comedy tool in security communication.
The O’Reilly Security Podcast: How adversarial posture affects decision-making, how decision trees can build more dynamic defenses, and the imperative role of UX in security.
The O’Reilly Security Podcast: Compounding security technical debt, the importance of security hygiene, and how the speed of innovation reintroduces vulnerabilities.
The O’Reilly Security Podcast: Scaling machine learning for security, the evolving nature of security data, and how adversaries can use machine learning against us.
How service workers, HTTPS, and other techniques can help you achieve security and speed.
The O’Reilly Security Podcast: The five stages of vulnerability disclosure grief, hacking the government, and the pros and cons of bug bounty programs.
What is HTTP Strict Transport Security and why should you use it?
The O’Reilly Security Podcast: Focusing on defense, making security better for everyone, and how it takes a village.
Using indicators to identify campaigns by comparing attacks.
Consolidating cybersecurity for a more secure future.
The O’Reilly Security Podcast: Building systems that help humans, designing better tools through user studies, and balancing the demands of shipping software with security.
If behavioral authentication could be made to work, it could be a big part of our future.
How small-budget organizations can use large-budget approaches to harness the power of IOC data in threat intelligence.
Following these recommendations for hardening your Windows infrastructure will efficiently improve your security posture.
The O’Reilly Security Podcast: Speaking other people’s language, security for small businesses, and how shame is a terrible motivator.
The O’Reilly Security Podcast: The problem with perimeter security, rethinking trust in a networked world, and automation as an enabler.
The O’Reilly Security Podcast: Saving the Network Time Protocol, recruiting and building future open source maintainers, and how speed and security aren’t at odds with each other.
Lessons learned from 2016’s most important Linux security events.
The O’Reilly Security Podcast: Human error is not a root cause, studying success along with failure, and how humans make systems more resilient.
From disclosure to machine learning to IoT, here are the security trends to watch in the months ahead.