Techniques for securely improving page performance.
Expanding the blue team by building a security culture program.
Learn how to become an information security specialist by obtaining a CompTIA Security+ certification.
Learn what knowledge areas are covered in the CompTIA Security+ exam objectives.
Learn about the possible career opportunities once you have become Security+ certified.
Learn how you can use OpenVAS to scan your network for hosts and fingerprint their listening services to obtain access.
Learn how you can use Nmap to scan your network to find out which services and hosts are listening and may be vulnerable to compromise.
Learn computer worm malware inside and out by building your own.
Building transparency and individual choice into IoT security.
Exploring the economics of cybersecurity.
Learn how multi-factor authentication can better protect your data, and why it should be a primary consideration when choosing a cloud service provider.
Learn how to prevent potential enterprise data leakages from your cloud computing accounts.
Alex Rice on the importance of inviting hackers to find vulnerabilities in your system, and how to measure the results of incorporating their feedback.
Build regulatory compliance into development and operations, and write compliance and checks and auditing into continuous delivery, so it becomes an integral part of how your DevOps team works.
Learn this new security fuzz testing technique that leverages browser capabilities to detect cross-site scripting vulnerabilities before production deployment.
While most security professionals argue against paying the ransom, there are some cases where paying is the right choice for an organization. Learn what to consider, and how to decide.
Understand the latest ransomware delivery methods, use the latest network indicators, and detect the latest behavioral indicators.
Binu Ramakrishnan highlights current security risks and CI/CD threat modeling and presents security patterns-based techniques to mitigate these risks, including a novel idea called auth events to delegate user privileges to CI/CD workflow jobs.
Cracking the misconception that hacks are sophisticated and complex by breaking down the most common attack categories.
Using RUM to analyze HTTP vs. HTTPS in different world regions and across wireline, rural wireline, and wireless ISPs.
Lessons learned at Fastly: How to build a robust system that identifies, mitigates, contains, and properly communicates incidents to prevent recurrence.
Learn how security can be enforced at the browser level through a combination of optimization techniques and security enhancements.
Untangling common myths about modern information security.
Chris Baker discusses Internet cartography and its implications for risk and security. He focuses on building a mental model for how we know where on the network something is, what it is, and why that is important.
Zack Tollman explores the key aspects of HTTPS to help developers to take control of their HTTPS-only sites.
How to bring DevOps, security, and compliance teams together to forge a secure infrastructure for your company.
Principles of defensive configuration security.
Navigating the accelerating velocity of change in DevOps.
How to build security in as an essential part of your workflow.
Brian Sletten discusses the evolution of cryptographic tools throughout history.
Brian Sletten differentiates encoding and encryption by explaining the goals and techniques of each system.
Kelsey Gilmore-Innis shares the essential concepts behind securing your users’ data and offers examples of how she and her team applied them to Callisto.
Build security and compliance into your DevOps platforms and pipelines by applying the same processes and tools that DevOps practitioners use to automate software delivery and infrastructure changes.
Learn where the vulnerabilities are, and how to address them.
Learn the hands-on basics of securing a Hadoop cluster in AWS in this video excerpt.
Some of the most profitable decisions are made by combining data in novel ways, but creative combinations of data can also spawn unknown risks. Learn how your organization can balance risk and reward in a data-driven economy.
Knowing the difference between trusted and trustworthy is fundamental to understanding how to build secure software. In this exclusive video excerpt from Introduction to Secure Software, Brian Sletten explains the browser's transitive trust model.
Learn how to understand the threats you face by collecting, mining, organizing, and analyzing as many relevant data sources as possible. Excerpt from Crafting the InfoSec Playbook.
Good security policies do not guarantee protection against attacks. Learn why you need a strong operations security team to implement security measures.
Learn about the core operations and key principles that make up a good secret management system.
The engineering principles inherent to DevOps and continuous deployment provide the groundwork for a number effective security mechanisms.
This talk introduces Snyk Stranger, a tool that helps you track and control third-party code and security concerns.
This talk explores the motivation behind Pearson's AppSec pipeline, its implementation, and tips for getting the most from your own AppSec program.
In this webcast presentation, Gilad Rosner explores how the Internet of Things impacts privacy and, by extension, what it means for society.
Use littleBits and cloudBit to set up an environment where you can evaluate security concerns. Plus, learn about security evaluations and threat agents. Read Chapter 7 from Abusing the Internet of Things.