Technical library

Build an Android application security test tool with Bluemix and AppScan Mobile Analyzer service
Currently, there is a significant increase in the number of mobile applications being developed. This increase creates the need for a cost-effective tool or application to do security testing and to help developers fix the identified vulnerabilities. In this tutorial, we'll discuss the IBM Bluemix AppScan Mobile Analyzer service in detail and describe how it helps developers scan and fix security issues detected in their Android applications.
Tutorial 16 Dec 2014
Using the IBM InfoSphere Guardium REST API
Organizations that use InfoSphere Guardium for data security and compliance can take advantage of a rich set of APIs to automate processes and maintain the system in a more efficient manner. As of InfoSphere Guardium 9.1, the Guardium API is exposed to external systems as online RESTful web services, which provide organizations with a modern interface to expose Guardium capabilities in a Web portal or via the Cloud.
Articles 24 Nov 2014
Use IBM Security Network Protection in an OpenFlow-based Software-Defined Network
The first tutorial in this series, "Deploy IBM Security Network Protection in an Open vSwitch," explained how to configure IBM Security Network Protection into an Open vSwitch-based Software-Defined Network (SDN) environment. In this tutorial, you'll learn how to configure an SDN controller to automatically protect the virtual machines' connection to an Open vSwitch.
Tutorial 07 Nov 2014
OAuth 2.0 clients in Java programming, Part 3: Authorization code grant
This multi-part series will help you develop a generic and reusable OAuth 2.0 client that can be used to interface with any OAuth 2.0-compliant server. Part 1 explained how to implement the resource owner password credentials grant. Part 2 described how to implement the client credentials grant. Now, Part 3 teaches you how to implement the authorization code grant.
Tutorial 04 Nov 2014
OAuth 2.0 clients in Java programming, Part 2: Client credentials grant
This multi-part series will help you develop a generic and reusable OAuth 2.0 client that can be used to interface with any OAuth 2.0-compliant server. Part 1 explained how to implement the resource owner password credentials grant. Now, Part 2 describes how to implement the client credentials grant.
Tutorial 28 Oct 2014
Prioritize your security work with QRadar Risk Manager
In this four-part video tutorial, Jose Bravo discusses the technology foundation for IBM Security QRadar Risk Manager and then demonstrates its key capabilities in a series of live use case scenarios. You'll learn how QRadar Risk Manager can help you filter tens of thousands of discovered IT vulnerabilities in your environment down to a manageable few based on the severity of the vulnerability, the sensitivity of the machine, and available attack paths.
Tutorial 09 Oct 2014
Detect database vulnerabilities with Guardium and QRadar
IBM InfoSphere Guardium has a level of visibility into databases for vulnerabilities that no application scanner can ever have because it has deep access to the configuration and other information about the database server. But how do you manage the vulnerabilities that it finds? How do you prioritize and track the work? The answer is the IBM Security QRadar SIEM family of products.
Tutorial 02 Oct 2014
Monitor your database without logging
Jose Bravo demonstrates how to set up the integration between IBM Security QRadar SIEM and IBM Guardium to create an efficient, low-impact database monitoring solution. He then walks through a typical use case scenario where an unauthorized transaction on a database is detected and raised as a security offense in the QRadar SIEM.
Tutorial 25 Sep 2014
Develop a battle plan for advanced persistent threats
Join in and listen as Jose Bravo analyzes the phases of advanced persistent threat (APT) attacks and discusses the types of detectable activities that occur at each phase of the attack.
Articles 22 Sep 2014
Learn everything you need to know about XGS
XGS is a next-generation Intrusion Prevention System (IPS) that provides intrusion prevention and security awareness and control of applications, content, and users. This document details how to configure and showcase the features of the IBM Security Network Protection (XGS) system for a deployment or a Proof of Concept (PoC).
Articles 19 Sep 2014
Do SIEM the right way with the QRadar Video Tutorial Series
The IBM Security editors have pulled together many of the video tutorials about QRadar Security Information and Event Management (SIEM) and its related products so you can get a thorough view of all of its capabilities and, more importantly, so you can get ideas about how to do SIEM right in your environment.
Articles 17 Sep 2014
InfoSphere Guardium data security and protection for MongoDB Part 2: Configuration and policies
This article series describes how to monitor and protect MongoDB data using IBM InfoSphere Guardium, including the configuration of the solution, sample monitoring use cases, and additional capabilities such as quick search of audit data and building a compliance workflow using an audit process. Part 2 describes how to configure InfoSphere Guardium to collect MongoDB traffic and describes how to create security policy rules for a variety of typical data protection use cases, such as alerting on excessive failed logins, monitoring privileged users, and alerting on unauthorized access to sensitive data. Many organizations are just getting started with MongoDB, and now is the time to build security into the environment to save time, prevent breaches, and avoid compliance violations.
Also available in: Chinese   Portuguese  
Articles 16 Sep 2014
Enhance an Android app with Google+ authentication
Build an Android application hosted on the IBM cloud and protected by Google+ Authentication. This multi-part series introduces you to new services and technologies and gradually builds with each tutorial. This tutorial includes a demo, sample code, and complete instructions for creating the BlueList Android application. You can apply what you've learned to integrate Google+ Authentication into your own applications.
Also available in: Chinese   Japanese  
Articles 11 Sep 2014
IBM Security AppScan Source Quick Process Guide
Discover an easy-to-understand process you can use to produce comprehensive, dependable, and actionable security findings using IBM Security AppScan Source. The process described in this tutorial helps security auditors and developers take their AppScan Source scan results to the next level, by customizing AppScan Source to their organization's application technologies and enforcing their application security policies, using tools already available in AppScan Source.
Articles 11 Sep 2014
Create a highly available authentication system with IBM Security Directory Server
This white paper explains how to use IBM Security Directory Server (formerly known as IBM Tivoli Directory Server) with Heartbeat to create a highly available authentication system with a fail-over mechanism. High availability is critical for enterprise authentication services because consolidating any service on a particular server is not reliable. Depending on a single server eventually creates a single point of failure, which can break the entire organization's authentication system.
Articles 04 Sep 2014
Learn about Trusteer Apex
Jose Bravo demonstrates the core capabilities of Trusteer Apex by showing desktop use case scenarios with and without Trusteer Apex installed.
Articles 04 Sep 2014
Dynamic Import of Role Based Security
This approach can be used to implement role-based security in IBM Cognos based on security filters that are defined in IBM Emptoris Spend Analysis. This provides a consistent data view across both Spend Analysis core modules and the extended module that is powered by Cognos.
Articles 28 Aug 2014
Integrate OpenStack Keystone with Tivoli Federated Identity Manager
Learn how to integrate Keystone's recently released federated identity capability with IBM Tivoli Federated Identity Manager. OpenStack is open source software for building public and private clouds that provides an Infrastructure as a Service (IaaS) platform. Keystone is an OpenStack subproject that provides identity services, including user authentication and authorization, for the OpenStack family of projects.
Also available in: Chinese  
Articles 26 Aug 2014
Learn to use the QRadar Public APIs
The QRadar Public API Series explores how to get the most out of QRadar's public API sets from a variety of programming environments.
Articles 12 Aug 2014
Optimize your AppScan Enterprise scans
The practices described in this white paper will help security testers configure and run more successful scans with IBM Security AppScan Enterprise Edition.
Articles 08 Aug 2014
Federate IBM SmartCloud for Social Business with your organization by using WebSphere DataPower
One of the most common challenges when integrating cloud-based offerings with your company is identity federation. In this article, you will learn how to federate your company repository with IBM SmartCloud for Social Business using WebSphere DataPower to provide a single sign-on (SSO) service between different security domains.
Articles 06 Aug 2014
Investigate IT security incidents with QRadar Forensics
In this four-part video tutorial, Jose Bravo demonstrates how to use QRadar Forensics to investigate three common scenarios. He walks through the investigation of the scenarios in the same way an investigator would collect forensic evidence.
Articles 29 Jul 2014
Comparing BlockIP2 with Channel Authentication Records for WebSphere MQ Security
In this article you will find useful information for keeping WebSphere MQ channels secured with WebSphere MQ product features rather than relying on third-party tools that may lack official support. You will be guided through samples on how to implement channel authentication records, a new feature introduced in IBM WebSphere MQ V7.1 for improving the overall security of your MQ environment.
Articles 24 Jul 2014
Detecting security risks with IBM Security QRadar Vulnerability Manager
Real-time detection of risks means that you can manage security vulnerabilities and protect data. IBM Security QRadar Vulnerability Manager scans, detects, and mitigates InfoSec risks.
Articles 24 Jul 2014
Improve application scanning efficiency with IBM Security AppScan
In this security community white paper, Ori Pomerantz demonstrates how to filter the pages scanned by AppScan Standard (or Enterprise) to avoid scanning different versions of the same page when they are distinguished by parameter values.
Articles 22 Jul 2014
Explore new features in Tivoli Service Automation Manager Network Extension for Juniper
IBM Tivoli Service Automation Manager (TSAM) helps enable users to request, deploy, monitor, and manage cloud computing services. Learn the basics of and explore the new features that are introduced in the recently released firewall extension, the TSAM Network Extension for Juniper.
Also available in: Chinese  
Articles 22 Jul 2014
A developer's guide to complying with PCI DSS 3.0 Requirement 6
The Payment Card Industry Data Security Standard (PCI DSS) is a highly prescriptive technical standard aimed at the protection of debit and credit card details, referred to within the payments industry as cardholder data. The objective of the standard is to prevent payment card fraud by securing cardholder data within organizations that either accept card payments or are involved in the handling of cardholder data. PCI DSS consists of 12 sections of requirements, and usually responsibility for compliance rests with IT infrastructure support. PCI DSS requirement 6, however, breaks down into 28 individual requirements, and sits squarely with software developers involved in the development of applications that process, store, and transmit cardholder data. PCI compliance heavily revolves around IT services. IT-focused compliance managers who are tasked with achieving compliance within organizations often lack the software developer knowledge and experience required to help assure that application development meets the arduous requirements of PCI DSS. Follow along to read a developer's perspective on complying with PCI DSS requirements.
Articles 09 Jul 2014
Synchronize IBM and SUN directories with IBM Security Directory Integrator
This article explains how to build a customized solution to synchronize users' registries using the IBM Security Directory Integrator.
Articles 09 Jul 2014
Integrate ISAM4Web and Yubikey with an External Authentication Interface
This white paper describes how to use the Yubico hard-token One-Time Password (OTP) generator as a replacement for traditional username and password authentication. A working example of an External Authentication Interface using a cloud-based authentication service is provided, along with all code and ISAM4Web configuration instructions.
Articles 09 Jul 2014
Manage common offenses detected by QRadar SIEM
In a series of 4 videos, Jose Bravo shows you how to manage 11 of the most common security offenses detected by IBM Security QRadar SIEM. QRadar consolidates log source event data from thousands of devices, endpoints, and applications distributed throughout a network. It performs immediate normalization and correlation activities on raw data to distinguish real threats from false positives.
Articles 07 Jul 2014
Learn the QRadar API in six minutes
In this video, Jose Bravo demonstrates some common tasks on the QRadar web console and demonstrates how to perform the same tasks using the public QRadar REST API.
Articles 25 Jun 2014
Use Software Defined Networking to optimize your IaaS
Explore Software Defined Networking (SDN) network management via software abstraction layers as a method to enhance and optimize your Infrastructure as a Service in the areas of interoperability, user and provider expectation management, developer and administrator requirements, and effective risk mitigation.
Also available in: Chinese   Japanese  
Articles 24 Jun 2014
Streamline your organization's mobile application security testing program with IBM Security AppScan Source 9.0
Many applications today are written for mobile devices. These applications are developed and released at a rapid speed. Yet the security of many of these applications remains a major concern. AppScan Source 9.0 streamlines your organization’s mobile application security testing with the introduction of local mode, integration with IBM Worklight, and by expanding its support of the Mac platform.
Articles 17 Jun 2014
Scan your app to find and fix OWASP Top 10 2013 vulnerabilities
Today's modern web applications are more than a match for most desktop PC applications and continue to push boundaries by taking advantage of limitless cloud services. But more powerful web applications means more complicated code, and the more complicated the code, the greater the risk of coding flaws which can lead to serious security vulnerabilities within the application. Web application vulnerabilities face exploitation by relentless malicious actors, bent on profiteering from data theft, or gaining online notoriety by causing mischief. This article looks at securing web applications by adopting industry best application development practices, such as the OWASP Top 10 and using web application vulnerability scanning tools, like IBM Rational AppScan.
Also available in: Russian  
Articles 17 Jun 2014
Securing FTP server on z/OS
This article describes how you can secure FTP on z/OS (FTPS) for server authentication using AT-TLS. The article also describes how to create AT-TLS policy using IBM Configuration Assistant for z/OS Communication Server and how to set up Policy Agent on z/OS.
Also available in: Russian  
Articles 04 Jun 2014
Make PaaS your vulnerability testing ground
Evaluate, integrate, and define various security testing concepts in differing scenarios. Explore a sample user PaaS testing environment structure as a basis for a security testing model.
Also available in: Chinese   Russian   Japanese  
Articles 03 Jun 2014
Build a front-end load balancer and failover reverse proxy with IBM Security Access Manager 8.0
Learn to configure the IBM Security Access Manager for Web 8.0 appliance as a front-end load balancer and cluster of reverse proxy servers to build a highly available, fault-tolerant, secure web environment.
Articles 30 May 2014
Understand the "Heartbleed" bug
Learn the technical details of the "Heartbleed" bug.
Articles 28 May 2014
Configure common use cases for IBM Security Access Manager for Mobile
This document gives readers an overview of a set of common use cases for the IBM Security Access Manager for Mobile Appliance, specifically focused on the use of OAuth and One Time Password authentication to deliver secure apps. It will provide details around how to configure the appliance to support these use cases. The common mobile pattern of a mobile app user registration and access pattern will be described, and the article then details how to implement the business logic required to enable the scenario in the IBM Security Access Manager (ISAM) for Mobile product.
Articles 21 May 2014
AppScan 9.0 Standard Report Templates: Modifying reports with Microsoft Word
In this white paper you learn to export report templates from AppScan Standard, modify them with Microsoft Word, and import them back to AppScan Standard. This feature, new in Version 9.0, makes it easy to customize reports.
Articles 19 May 2014
What's the most trusted platform?
Learn some of the reasons why the IBM Mainframe is the most trusted platform.
Articles 12 May 2014
Whitepaper: Protecting your critical data with integrated security intelligence
Learn how an integrated approach for extending security intelligence with data security insights can help organizations prevent attacks, ensure compliance, and reduce the overall costs of security management.
Articles 06 May 2014
Whitepaper: IBM Cloud Security
This whitepaper discusses how with an IBM suite of intelligence solutions, cloud computing can be both attractive and secure. Learn about: The intelligence capabilities necessary for gaining visibility into, and control over, cloud security, advanced security intelligence solutions that can close security gaps, and the integrated IBM Security QRadar suite.
Articles 06 May 2014
Solution Brief: Safeguarding the Cloud with IBM Security Solutions
IBM Security solutions provide layered protection and deep insight across cloud environments. Read the solution brief to learn about: Issues in cloud security, solutions to implement cloud security, and cloud security intelligence.
Articles 06 May 2014
Listen to an introduction to security intelligence
Jose Bravo leads a chalk talk on security intelligence. He describes the ability of QRadar to incorporate context from a variety of IT systems, which gives it a best-in-class ability to filter billions of IT incidents to identify the top few to be addressed immediately.
Articles 05 May 2014
Create an application inventory with AppScan Enterprise
Learn how to build a centralized, authoritative inventory of all the applications in your enterprise and track their security posture and compliance status from IBM Security AppScan Enterprise.
Articles 28 Apr 2014
Watch QRadar Vulnerability Manager in action
Jose Bravo walks through some real-world scenarios for managing and prioritizing vulnerability remediation activities.
Articles 28 Apr 2014
Customizing TXSeries CICS external authentication, Part 1: Windows Active Directory
Part 1 of this two-part article provides an overview of IBM TXSeries for Multiplatforms and the requirements for authentication and authorization in an enterprise business solution. This article focuses on IBM TXSeries for Multiplatforms external authentication through Microsoft Active Directory. Sample External Authentication Manager (EAM) files, customized for use in conjunction with this article, are available for download. In this article, you configure CICS external authentication to work with different user registries. Part 2 will provide information on customizing IBM Security Access Manager for external authentication.
Also available in: Russian  
Articles 22 Apr 2014
Manage application security across the organization with IBM Security AppScan Enterprise
In this demonstration video, watch a real-world example of how to manage application security risk across an enterprise.
Articles 21 Apr 2014
Secure REST APIs with IBM Security Access Manager
In this white paper, you use the IBM Security Access Manager for Web application to filter a representational state transfer (REST) web services interface. REST uses the same interface as web pages, HTTP, so it can be inspected (to a degree) by using the same product.
Articles 21 Apr 2014
Watch IBM Security Privileged Identity Manager issue credentials
Watch this security demo video to see a real-world example of a privileged user requesting access to a system, receiving an issued credential, using it for access, and checking it back in.
Articles 15 Apr 2014
Manage personnel access with the IBM Security Identity Manager Service Center
See how managers can use the IBM Security Identity Manager Service Center to manage their employees' access rights and permissions.
Articles 14 Apr 2014
Create resilient AccessProfiles for IBM Security Access Manager for Enterprise Single Sign-On
The state machine editor in the AccessStudio advanced mode is a flexible tool for creating advanced AccessProfiles for IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO). The profiles enable developers to implement single sign-on (SSO) automation workflows for a wide variety of applications. Most applications have similar design rules for page flows related to sign-on automation, such as login or change password pages. So it makes sense to check all sign-on automation workflows that are based on these common rules. This best practices guide introduces a set of common page flow diagrams and design rules to consider to ensure that your advanced AccessProfile state machine covers all sign-on automation workflows.
Articles 14 Apr 2014
Learn about Security Access Manager for Mobile
This demonstration video shows three advanced authorization scenarios using IBM Security Access Manager for Mobile and WorkLight.
Articles 08 Apr 2014
Using WebSphere Cast Iron Studio PGP activity with external PGP utilities
The CryptoService Activity introduced in WebSphere Cast Iron 7.0 lets you encrypt and decrypt content with PGP. While it is possible to decrypt the content encrypted by Cast Iron in the application itself, there are times when a user might want to encrypt content in Cast Iron but decrypt it in an external tool or vice versa. This article focuses on these interoperability concerns.
Articles 08 Apr 2014
Watch IBM Security Privileged Identity Manager issue credentials
Watch this security demo video to see a real-world example of a privileged user requesting access to a system, receiving an issued credential, using it for access, and checking it back in.
Articles 08 Apr 2014
Adapt the IBM Global Security Kit for Suite B and FIPS compliance
Get detailed configuration options for both the native code and Java versions of the IBM Global Security Kit (GSKit) utilities in this white paper by Oktawian Powązka. Also, learn to configure and use the utilities to be as FIPS and Suite B compliant as possible.
Articles 01 Apr 2014
Watch IBM Security Access Manager for Enterprise Single Sign-On on an iPad
This demonstration video shows IBM Security Access Manager for Enterprise Single Sign-On protecting an Apple iPad.
Articles 01 Apr 2014
Prevent cross-site request forgery: Know the hidden danger in your browser tabs
Explore two strategies to help prevent cross-site request forgery attacks as you review a detailed, step-by-step cross-site request forgery attack scenario. Also, look at some issues for scanning tools as they try to find cross-site request forgery vulnerabilities.
Also available in: Russian   Japanese  
Articles 25 Mar 2014
Integrating Samba with IBM Security Directory Server
IBM Security Directory Server can provide a unified login or single-user login for Linux and Windows clients and transparently provide access to a user's home directory through file sharing.
Also available in: Russian  
Articles 18 Mar 2014
Use the REST API to control the IBM Security Web Gateway AMP 5100
In this article, you will learn how to use the REST web services interface to control an instance of the IBM Security Access Manager for Web appliance (which can be the physical appliance or a virtual one).
Articles 18 Mar 2014
Run DNS forensics with QRadar's big data security extension
With the new big data extension in QRadar, you can process a large volume of unstructured data, as illustrated in this demo. The author performs a version of DNS forensics: he takes a list of all the domains visited by all employees. He then correlates it with the IBM Security X-Force IP Reputation Intelligence Feed and registrar information for each of those domains from whoisxmlapi.com. From this analysis, he produces three reference sets that are fed into QRadar for creating or modifying existing rules.
Articles 11 Mar 2014
Importing .scan files into AppScan Enterprise
IBM Security AppScan Enterprise is deployed at the organization level within an enterprise to provide application scanning and centralized dashboard reporting about the scan findings. Security testers often install IBM Security AppScan Standard on their laptop and desktop computers to scan applications because AppScan Standard is more flexible and portable. To provide a complete picture of the scan results in the AppScan Enterprise dashboard, the security testers must import their scan results from AppScan Standard to AppScan Enterprise. This document describes the step-by-step instructions for importing and exporting .scan file formats from AppScan Standard to AppScan Enterprise.
Articles 11 Mar 2014
Connect IBM Worklight hybrid mobile apps to LinkedIn services
Use the OAuth standard and IBM Worklight HTTP adapters to securely connect your hybrid mobile applications to LinkedIn's APIs and services.
Also available in: Russian   Japanese  
Articles 05 Mar 2014
Silently install IBM Security AppScan Enterprise 8.7.x
Administrators can silently upgrade or install the IBM AppScan Enterprise for Microsoft Windows from the command prompt. User notification is disabled during the silent installation, except in error cases such as notification of failed prerequisites. A silent installation uses the same installation program that the graphical user interface (GUI) version uses. Instead of displaying a wizard interface, the silent installation reads all of your responses from parameters that you pass to the command line. This document gives the response file and also details on how to use it for silent installation.
Articles 04 Mar 2014
Improve web application security with Zend Framework 2
Web applications are vulnerable to attacks from different quarters, including SQL injection, XSS, CSRF, spam, and brute-force password hacking. But it's easy to protect your PHP web application from the majority of common attacks with the security-related components available in Zend Framework 2. This article illustrates how to use these components to make your application more secure by validating form input, filtering bot submissions, rejecting comment spam, and logging unusual events.
Also available in: Russian   Japanese  
Articles 04 Mar 2014
InfoSphere Guardium and the Amazon cloud, Part 1: Explore Amazon RDS database instances and vulnerabilities
The growing number of relational databases on the cloud accentuates the need for data protection and auditing. IBM InfoSphere Guardium offers real time database security and monitoring, fine-grained database auditing, automated compliance reporting, data-level access control, database vulnerability management, and auto-discovery of sensitive data in the cloud. With the Amazon Relational Database Service (RDS) you can create and use your own database instances in the cloud and build your own applications around them. This two-part series explores how to use Guardium to protect database information in the cloud. This article describes how to use Guardium's discovery and vulnerability assessment with Amazon RDS database instances. Part 2 will cover how Guardium uses Amazon S3 for backup and restore.
Also available in: Chinese   Portuguese   Spanish  
Articles 27 Feb 2014
Manage service accounts with IBM Security Identity Manager
Review different types of service accounts and expand how you think about the common term "service account." Start the discussion with your line-of-business owners or customers. Establish a common understanding as you consider all aspects of service account management. Explore how to customize existing account management solutions to fit your business' service account management requirements.
Also available in: Russian  
Articles 25 Feb 2014
Deploy IBM Security Network Protection in an Open vSwitch
This article outlines how to configure IBM Security Network Protection (XGS5100) into an Open vSwitch–based software-defined network to protect your virtual assets. Open vSwitch is an OpenFlow–based virtual switch commonly used in cloud-based environments.
Articles 18 Feb 2014
NIC bonding for the QRadar SIEM Appliance
This article highlights the configuration necessary for bonding―or teaming―the Network Interface Card (NIC) for the QRadar SIEM appliance. It addresses topics related to high availability of the QRadar SIEM appliances and is intended for administrators in charge of maintaining those appliances.
Articles 18 Feb 2014
Build security intelligence for cloud and virtualized environments with QRadar
As with most new technology paradigms, security remains the most discussed inhibitor of widespread usage for cloud computing. Customers often cite lack of control and visibility on their workloads (application, information, and infrastructure) as the factors that most inhibit their move to cloud computing. This article outlines a security intelligence solution from IBM that helps you gain visibility and track activities in your cloud and virtualized deployments. With IBM Security QRadar SIEM capabilities, you can track user activities, detect offenses, and stay ahead of the threats in your cloud environment.
Articles 14 Feb 2014
Implementing an AppScan Enterprise-based Web Security Solution
Learn to design and implement an installation of AppScan Enterprise that enables multiple business units within a company to have separate, independent instances of AppScan Enterprise from a single installation.
Articles 11 Feb 2014
Fight against SQL injection attacks
In the world of security exploits, one vulnerability, although easily resolved, is number one on the OWASP top 10: the Structured Query Language (SQL) injection attack. Although this class has existed since 1995, it remains one of the most prevalent attacks on web assets. Get to know the SQL injection attack and discover how it's carried out on a production website. Then learn how to test a website for this class of vulnerability by using IBM Security AppScan Standard.
Also available in: Russian   Japanese  
Articles 04 Feb 2014
Securing JSON payloads using WebSphere DataPower Appliances
Learn different methods to secure a JSON payload transmitted in a REST-based architecture. These methods preserve the privacy of the payload regardless of the transport protocol. You will also learn how to encrypt either the entire payload or only select elements.
Articles 29 Jan 2014
Mobile device risk-based access and authentication governance
Discover how the IBM Tivoli Federated Identity Manager risk-based access capability can provide assessment decision and enforcement capabilities for device consent purposes and establish a high level of confidence for insurance purchase transactions. The article also showcases the use of OAuth mobile access and authorization with OAuth Access tokens when performing transaction- and risk-based access on mobile devices.
Also available in: Russian  
Articles 27 Jan 2014
Enable policy to encrypt data at rest
The emphasis on encrypting data at rest (instead of just data in motion) adds even more complexity to the key management process. Explore how IBM Security Key Lifecycle Manager (formerly Tivoli Key Lifecycle Manager) can simplify this task for security professionals by automating many of the component tasks. Also, learn how the latest Version 2.5 has been enhanced and improved.
Also available in: Russian  
Articles 20 Jan 2014
IBM Security Directory Integrator 7.2: Completing the security perimeter
Threat-aware identity management is key to securing your IT organization's protective perimeter. One of the tasks needed to achieve effective identity management is implementing real-time synchronization between various identity data sources. See how IBM Security Directory Integrator, one of the two components of IBM Directory, performs this task.
Articles 20 Jan 2014
Trusteer's three-pronged approach to advanced threat protection
Explore how to help protect your IT environment from exploitation, exfiltration, and credential theft by adding Trusteer Apex. Discover how the Apex software performs these tasks. See how Apex (and other Trusteer software) combines with IBM security products to create a more secure shield for your organization's data.
Articles 20 Jan 2014
Create a secure Hadoop environment with IBM InfoSphere Guardium
All of the benefits the Hadoop environment provides hinge on the addition of security features that are provided by an external security software solution. Just as Hadoop big data environment configurations differ, so do the security requirements for protecting that environment. All big data environments are risk-prone; therefore, they must have built-in protection against unauthorized use, threats, cyberattacks, invalid input data sources, and other challenges. To that end, IBM offers IBM InfoSphere Guardium, a state-of-the-art solution for securing the Hadoop environment and protecting big data. Learn more about InfoSphere Guardium and how it can secure your Hadoop environment.
Also available in: Russian   Portuguese   Spanish  
Articles 20 Jan 2014
IBM Entrepreneur Week
IBM Entrepreneur Week is a one-of-a-kind opportunity for you to meet, interact, and connect with entrepreneurs, venture capitalists, industry leaders, and academics from around the world. If you're a startup or entrepreneur, join us online for our inaugural IBM Entrepreneur Week, 3-7 Feb 2014. There will be events taking place online and in locations worldwide, including face-to-face and virtual mentoring sessions, a women entrepreneur-focused event, and a LiveStream broadcast of the SmartCamp Global Finals in San Francisco.
Articles 15 Jan 2014
Using SQL bind variables for application performance and security
Compare the performance benefits of using bind variables, substitution variables, and literals in your SQL statements, then learn how using bind variables can protect your web application against an SQL injection attack.
Also available in: Russian   Japanese  
Articles 14 Jan 2014
IBM Security Access Manager: Protect websites with context-based access
Learn how to secure a website with context-based two-factor authentication by integrating and configuring IBM Security Access Manager (ISAM) for Web and IBM Security Access Manager for Mobile. The authors will demonstrate how to use ISAM for Mobile's context-based authorization and one-time password (OTP) interface to enable security architects to apply intelligent stronger authentication access decisions across an organization's website.
Articles 14 Jan 2014
Hadoop data security and Sentry
Given the insights possible with big data, privacy fears have been the primary focus of its detractors. What has been missing from this discussion is protection of data with Apache Hadoop. Sentry is one solution aimed at protecting data within Hadoop by using a fine-grained authorization framework. This article explores Sentry and shows how it can be used to provide controls for big data applications in regulated industries.
Also available in: Russian   Japanese  
Articles 07 Jan 2014
OAuth 2.0 clients in Java programming, Part 1: The resource owner password credentials grant
This multi-part series will help you develop a generic and reusable OAuth 2.0 client that can be used to interface with any OAuth 2.0–compliant server. Part 1 explains how to implement the resource owner password credentials grant.
Articles 07 Jan 2014
Introducing IBM Security Access Manager for Mobile
IBM Security Access Manager for Mobile can deliver mobile access security protection in a modular virtual or physical appliance package, enabling you to securely manage both mobile user access and applications. In this demonstration, you'll see how ISAM for Mobile helps you initiate mobile single sign-on and sessions management; enable context-aware authorization using device fingerprinting, geolocation awareness, and IP reputation mechanisms; and more.
Also available in: Russian  
Articles 06 Jan 2014
Using IBM InfoSphere Guardium for monitoring and auditing IBM DB2 for i database activity
IBM® InfoSphere® Guardium® is an enterprise information audit and protection solution that helps enterprises to protect and audit information across a diverse set of relational and nonrelational data sources such as Oracle, Teradata, IMS, VSAM, Microsoft® SharePoint, IBM Netezza®, IBM DB2® for z/OS®, and DB2 for Linux, UNIX and Windows. With InfoSphere Guardium V9.0, DB2 for i can now be included as a data source, enabling you to monitor access through native interfaces and through SQL. This article provides a brief overview of the InfoSphere Guardium architecture, describes how to configure access (including best practices for performance), and describes how to access data activity reports.
Also available in: Chinese   Japanese  
Articles 16 Dec 2013
Discover OpenStack: The Identity component Keystone
This article presents the OpenStack Identity (Keystone) project, explains how it fits into the overall architecture, and shows how it operates. It illustrates the project with insight into what it takes to install, configure, and use the components.
Also available in: Chinese   Japanese  
Articles 11 Dec 2013
DevOps best practices: Part 2. Ensure robust and effective information security with DevOps
DevOps principles, well known for helping developers and operations to work more effectively together, can be applied to information security, as well. Learn how DevOps can improve information security by applying industry-recognized best practices. Use the DevOps approach to keep systems secure, to prevent system glitches, and to ensure uninterrupted service.
Also available in: Chinese   Portuguese  
Articles 10 Dec 2013
Stronger one-time password step-up authentication with a simple Access Manager policy
Watch this video to learn how to achieve stronger step-up authentication using IBM Security Access Manager and Tivoli Federated Identity Manager with one-time password capability for extended authentication scenarios.
Articles 10 Dec 2013
Browser-based device fingerprint with risk-based access
Implement risk-based access and authentication on mobile devices to increase confidence in the security of mobile transactions. Using IBM Security Access Manager and IBM Tivoli Federated Identity Manager, evaluate the current session authentication level and registration status.
Articles 09 Dec 2013
Automated security testing with IBM Security AppScan Enterprise 8.7 and Selenium IDE
Learn how quality assurance testers seeking increased automation within the software development life cycle can leverage IBM Security AppScan Enterprise and the Selenium IDE browser plug-in for Firefox to include dynamic application security testing in their functional tests.
Articles 02 Dec 2013
Eliminate banner grabbing in Apache Tomcat
Banner grabbing is often the first step before a full-blown cyber attack, but it's easy to prevent. Learn how to secure your Apache Tomcat installation against version-based exploits by overriding the default parameters in your Server.xml and ServerInfo.properties files.
Also available in: Japanese  
Articles 02 Dec 2013
Understanding the WebSphere Application Server SAML Trust Association Interceptor
Recent fixpacks to IBM WebSphere Application Server versions 7.0, 8.0 and 8.5 include a new SAML Trust Association Interceptor (TAI) that introduces new advanced single sign-on capabilities. The TAI includes many properties, and understanding what these options do and when to use them can be a challenge. The purpose of this article is to help you make sense of the SAML TAI.
Also available in: Chinese  
Articles 01 Dec 2013
Using OAuth to provide step-up authentication for mobile apps
IBM security architect Shane Weeden demonstrates a security identity and access management pattern for hybrid mobile applications using OAuth to handle registration and risk-based access policy for context-aware, step-up authentication.
Articles 26 Nov 2013
Configure the IBM Security Web Gateway Appliance as a front-end load balancer and a web reverse proxy
One of the main features of the IBM Security Web Gateway Appliance is its front-end load balancing function, which lets the appliance automatically direct web requests from clients to an appropriate reverse proxy based on a specified scheduling algorithm. This article explains the steps needed to configure an appliance as both the front-end load balancer (FELB) and as a web reverse proxy.
Articles 26 Nov 2013
Add red flags to risk-based access weights in IBM Security Access Manager
Learn how to configure IBM Security Access Manager to combine the new risk-based access algorithm, which uses weights for different factors, with a "red flag" approach that specifies that particular values are suspicious regardless of what other fields show.
Articles 19 Nov 2013
Customizing SAML 2.0 with Tivoli Federated Identity Manager
SAML 2.0 is one of the most commonly used protocols for creating federation agreements for single sign-on architectures, enabling federation partners to exchange user authentication information using a relatively simple XML schema. In this article, learn how to use Tivoli Federated Identity Manager's identity-mapping rules to customize SAML 2.0 assertions for a third-party vendor or cloud service provider's unique security requirements.
Articles 19 Nov 2013
Sentry 2 and PHP, Part 2: Authentication and access control for PHP
Authentication and access control are critical to keep your web application secure. Sentry 2 is a framework-agnostic authentication and authorization system written in PHP. It provides built-in methods for many common authentication and authorization tasks, allowing you to efficiently and securely develop public-facing PHP web applications.
Articles 12 Nov 2013
Get started with KMIP4J
The Key Management Interoperability Protocol (KMIP) defines the communication between a Key Lifecycle Management System (KLMS) and its clients. Some companies have been working with proprietary implementations of KMIP in different programming languages for a while, but until now, no open source solution existed. Hence, the creation of KMIP4J, an open source implementation of KMIP in Java code now available on www.sourceforge.net. This article gives an overview of this open source implementation.
Articles 12 Nov 2013
