The security editor shares her top resources
We live in a time when most of what we do and depend on relies on the
Internet, whether it’s IoT devices, using our mobile devices to conduct
business and connect with social media, or streaming the latest shows… the
list goes on. With entertainment, work,
and connecting with others so readily at our fingertips (literally), it
also means that our devices and our data are much more vulnerable to
constant attacks and threats, since sophistication of malware is at its
If you’re in the US, you might be aware that October is National Cyber Security Awareness Month. With all of
the security events that happened in this year alone, this is a great
reminder that there’s no such thing as being too secure when it comes to
writing secure code, limiting entry points, and more—effectively
equipping yourself with the tools you need to prevent future threats (or
at the very least, preparing for the aftermath of a threat).
In this article, I compile a list of great resources that you should keep
in your arsenal. Whether you’re a developer, an administrator, or even just
someone who’s interested in how security vulnerabilities occur and what can
be done about them, this list has something for you. So, in honor of Cyber
Security Awareness Month, let’s get started!
The biggest threats from this year were splashed all across the news:
WannaCry, Petya, and NotPetya. And as of October 24, a new threat called
Bad Rabbit was reported in Europe and Asia. They all had one thing in
common: ransomware. This rise in ransomware is alarming, not only because
of the sheer amount of data that is essentially being held hostage, but
also because businesses and enterprises face a difficult choice. They can
pay their ‘kidnappers’ to get their systems back online and their data
back, knowing full well that the data they get back may still be
compromised. Their other choice, the recommended one, is to use their
disaster recovery plan, getting systems and data back online from
backed-up data.
The top ten articles you need to read
As of October 26, 2017, the proposed list for 2017 is in its second
version, Release Candidate 2. Read the full RC2 list here: https://www.owasp.org/images/b/b0/OWASP_Top_10_2017_RC2_Final.pdf
However, until RC2 has been fully accepted, it’s worth taking a look at
the last top ten list that OWASP accepted, back in 2013. The
vulnerabilities and risks are definitely worth knowing and are still valid
as top threats.
applications with ZeroMQ
Going hybrid is one of the ways in which you can stay above the ransomware
threats. However, the cloud presents a common issue, which is how to send
and receive messages across your network efficiently and securely. Read
this first article to get to know how a C library can act as an MQ.
Scan your app to find and fix
OWASP Top 10 2013 vulnerabilities
Though you see “2013,” this is another great article you need to read, as
it discusses code scanning. If you can effectively scan across your code,
along with monitoring and encryption, you have a huge advantage in
stopping a breach in its tracks.
Secure and protect
Cassandra databases with IBM Security Guardium
If you’re using an Apache Cassandra
database, it’s worth checking out this informative article.
Even if you’re not using Cassandra or Guardium, this article is full of
information on one of the top threats: privileged users.
Identifying and preventing
threats to your IoT devices
From authentication, including certificate-based authentication, to
authorization, to application ID validation—this three-part series
is all about that IoT security. Developers face new challenges to make
sure that IoT applications are sufficiently secure because these
applications handle a lot of sensitive data, so the focus must be on
building security into IoT applications when developers design and
implement such solutions. Take a look at this first article to get an
overview of IoT security basics.
Gain confidence about data
security in the cloud
There’s so much debate over whether the benefits of moving to the hybrid
cloud outweigh staying onsite. Though a few years have passed since the
article was initially written, the author assuages any fears you might have about
taking the plunge to go to the public cloud or hybrid cloud. Take note of
compliance being mentioned. Compliance is going to be a huge security
topic, come May 2018 when the General Data Protection Regulation (GDPR)
Set up a secure hybrid cloud
environment with Bluemix
This article is part of a larger series that’s really worth the read. From
a security standpoint, this article walks you through how to build a
secure hybrid cloud, since applications that run in a public cloud with
access from the Internet are still exposed to security risks.
Connect your Docker container
to enterprise services with the Bluemix Secure Gateway
Hey Docker and container enthusiasts, here’s one just for you. If you’re
constantly hearing about how you shouldn’t be using a container and how
it’s just not as secure, read this step-by-step guide on how you can use
Bluemix’s Secure Gateway service for your Docker container. It’s
straightforward and dives right into the steps.
Top 6 technical advantages
of Hyperledger Fabric for blockchain networks
With blockchain’s ever-growing presence and its transparency, banks are moving
towards it. Blockchain can deter ransomware hackers and could be
the key to stopping ransomware attacks. I should also note that we
have a Dev Center dedicated to helping you learn and develop with
blockchain. Check it out here: https://developer.ibm.com/blockchain/
Securely connect your private
VMware workloads in the IBM Cloud
This article came out right when IBM and VMware® announced this
exciting partnership, where both companies are announcing new solutions.
IBM is launching network control and visibility solutions from F5 Networks
and Fortinet, so that enterprises can continue to extend their VMware
environments, as they are, to the public cloud.
Other resources you need to check out
- Subscribe to the Security newsletter and get all the latest in events, news,
- Read the latest security tutorials and articles on the developerWorks hub.
- Find out about security events, podcasts, and webinars on Security
- See the full security capabilities that IBM Cloud has to offer and sign up for your free trial now.
- Join the security community and
interact with other security-minded individuals.
- Take courses and experiment with hands-on labs with the Security Learning Academy.
So there you have it, my top ten picks on the topic of security.
Hopefully you were able to get something from this list. Obviously, having
fool-proof code and a great immune system are things everyone knows about
and tries to implement. But it’s important to know that security is never static
and is always changing. Hackers are working tirelessly to disrupt and
wreak havoc, so it’s up to you to know what the recent trends or attacks
are and how to prepare for a possible attack.