Technical library

  • spacer Filter by products, topics, and types of content

    (28 Products)

    (63 Topics)

    (4 Industries)

    (5 Types)

Develop and deploy your next
app on the IBM Bluemix
cloud platform.


1 - 100 of 553 results | Next Show Summaries | Hide Summaries Subscribe to search results (RSS)

View Results
Title none Type none Date down
Design and build secure IoT solutions, Part 1: Securing IoT devices and gateways
In this 3 part series of developing secure IoT solutions, the authors introduce IoT vulnerabilities and design challenges for secure IoT apps and then provide tested techniques for securing devices and gateways. For example, they discuss device authentication, including certificate-based authentication, device authorization, and application ID validation.
Articles 16 May 2016
Design and build secure IoT solutions, Part 3: Securing IoT applications
Part 3 in this 3 part series of developing secure IoT solutions focuses on securing IoT applications. Learn how to securely store IoT data in a Cloudant database, expose that stored data through secured APIs, and invoke secured APIs from mobile and web applications.
Articles 16 May 2016
Design and build secure IoT solutions, Part 2: Securing IoT data over the network
Building on the techniques for securing IoT devices that the authors discussed in Part 1, Part 2 in this 3 part series of developing secure IoT solutions focuses on securing data over the network. It discusses data encryption and API security in the IBM Watson IoT Platform APIs.
Articles 16 May 2016
Top three security tutorials (May 2016)
We know that you care first and foremost about protecting your assets. developerWorks Security continues to bring you the content you need to ensure that all of your precious data isn't at risk. Here are the top articles from the Security zone for Q1 2016. You don't want to miss out!
Articles 05 May 2016
Secure and protect Cassandra databases with IBM Security Guardium
IBM Security Guardium leads the way in providing a monitoring and auditing solution for NoSQL database systems. In this article, we provide an overview of one popular NoSQL database, Apache Cassandra, and explain how and why Guardium can help organizations protect Cassandra data and automate compliance reporting and sign-offs. This article includes detailed instructions and a sample security policy to help you configure Guardium and extract value immediately.
Articles 19 Apr 2016
Connect an on-premises application from Bluemix through the Secure Gateway service
See how an on-premises application that's accessible only behind a firewall can be exposed and accessed from an application that's deployed in IBM Bluemix. This tutorial briefly discusses the IBM Secure Gateway for Bluemix service, and illustrates how this integration is possible. A typical use case for establishing this kind of integration is hybrid application development and serviceability, in which some of the services provided by the application are available on premises and the rest are available in a cloud environment like Bluemix.
Also available in: Chinese  
Articles 15 Apr 2016
Interpret your syslog files with the Bluemix Time Series Database
In this article, I show you how to upload, parse, and store the information from a UNIX syslog file in the Bluemix Time Series Database. I also show you how to use queries on that database to create a dashboard to present the information from that file graphically.
Also available in: Chinese  
Articles 14 Apr 2016
Opt for flexibility: File-based administration security in IBM Integration Bus V10
IBM Integration Bus v10.0 introduced file-based authorization (file mode) for administration security. This tutorial shows how to configure file-based security to control access to an integration node and its resources. It describes several error scenarios that occur in the web UI when you lack the required permissions for an administration task. Each scenario includes command examples for granting the required permissions and procedures for verifying the results.
Also available in: Chinese  
Tutorial 18 Mar 2016
Add Google reCAPTCHA to your Bluemix Node.js application
Some attacks rely on creating a large number of disposable accounts automatically. In this article, you learn how to use the Google reCAPTCHA service to require human intervention to ensure that there is a human in the loop.
Also available in: Chinese  
Articles 03 Mar 2016
Configure multifactor authentication for Bluemix Node.js applications
Passwords are not a complete security solution; they can be stolen or shared. In this tutorial, you learn how to use a random string delivered by email as a second authentication factor. I also discuss several methods for risk analysis, which is used by the application to decide whether a second factor is warranted.
Also available in: Chinese   Japanese  
Articles 15 Feb 2016
Gain security insights into Bluemix with Apache Libcloud
IBM Bluemix is an implementation of IBM's open cloud architecture based on Cloud Foundry, an open source Platform as a Service (PaaS). It enables developers to rapidly build, deploy, and manage their cloud. Bluemix also allows creation of Virtual Machines (VM), thanks to IBM Virtual Machines (Beta). IBM Virtual Machines is one of the runtime infrastructures in IBM Bluemix where you can build, run, manage, and monitor your applications in a hosted cloud environment. You can sign up for Bluemix here, if you haven't already.
Also available in: Chinese   Japanese  
Articles 02 Feb 2016
IBM InfoSphere Optim Data Growth Solution: Enable security on an Optim Archive File
IBM InfoSphere Optim Solutions allows you to manage data throughout the data lifecycle. This tutorial walks you step-by-step through how to use function-level, object-level, and archive-file security to set data-specific security in a database.
Also available in: Chinese  
Articles 30 Dec 2015
Deploying secure software configuration management
IBM Rational ClearCase provides robust support for all four dimensions of computer security: authentication, authorization, encryption, and event-logging. In this overview of security features, learn about deploying software configuration management.
Also available in: Chinese  
Articles 22 Dec 2015
IBM Security Access Manager: Protect websites with context-based access
Learn how to secure a website with context-based two-factor authentication by integrating and configuring IBM Security Access Manager (ISAM) for Web and IBM Security Access Manager for Mobile. The authors will demonstrate how to use ISAM for Mobile's context-based authorization and one-time password (OTP) interface to enable security architects to apply intelligent stronger authentication access decisions across an organization's website.
Also available in: Chinese  
Articles 21 Dec 2015
Use Active Directory for authentication and authorization in your Node.js Bluemix application
In this article, you learn how to use your existing Microsoft Active Directory infrastructure to provide authentication and authorization decisions to your Node.js Bluemix application.
Also available in: Chinese  
Tutorial 17 Dec 2015
Are you under attack? Detect attacks against Node.js applications
In this tutorial, you learn how to detect when your IBM Bluemix Node.js web application is being scanned and attacked.
Also available in: Chinese  
Articles 14 Dec 2015
Use LDAP for authentication and authorization in your Node.js Bluemix application
In this tutorial, I show the user how to use his existing LDAP infrastructure to provide authentication and authorization decisions to a Node.js Bluemix application.
Also available in: Chinese  
Articles 09 Dec 2015
Use SSL for secure network data transport with Bluemix and dashDB
Leverage Bluemix dashDB SSL support to secure database connections for Java, .Net, and Windows ODBC/CLI applications.
Also available in: Chinese   Japanese  
Articles 08 Dec 2015
Configure an ISAM reverse proxy as a PEP to an OpenID connect provider
IBM Security Access Manager Version 9 added support for OpenID Connect. This protocol builds on OAuth Version 2.0, but the access tokens issued by an OpenID Connect Provider cannot be used out of the box to access protected resources. In this article, I explain how to configure this.
Also available in: Chinese  
Articles 08 Dec 2015
IBM developerWorks Premium unboxed
Govind Baliga signs in to his developerWorks Premium dashboard and explores all the benefits, resources, and opportunities that come with an account. Watch him unlock the goodies.
Also available in: Japanese  
Articles 01 Dec 2015
Manage security alerts with IBM DevOps Track & Plan
Track & Plan is predominately used during application development. However, it can also be used by the applications to inform the administrator when they are under attack. In this tutorial, you learn the coding to make this happen.
Also available in: Chinese   Japanese  
Articles 23 Nov 2015
Best security content from fourth quarter 2015
This quarter, the developerWorks security zone continues its focus on helping Bluemix developers address the security needs of their applications using Bluemix services.
Also available in: Chinese  
Articles 17 Nov 2015
Playful web development, Part 1: Manage user authentication with the Play Framework and Scala
Implement user management for your Play Framework applications and put your Scala skills to work. Pablo Pedemonte takes you through building a basic Play application that handles authentication and authorization. You can even use the application code as a starter for your own Play projects to shorten user-management development time.
Also available in: Chinese   Japanese   Portuguese  
Articles 12 Nov 2015
Verify server certificates in a Node.js Bluemix application
Applications often need to communicate with remote servers and exchange information with them. However, with the use of remote servers comes the risk of masquerading. Attackers can pretend to be the legitimate partners and steal or falsify information. In this article, you learn how to use certificates from within your Node.js application that is running in Bluemix to prevent such masquerading.
Also available in: Chinese   Japanese  
Articles 05 Nov 2015
Connect to your data center with the Bluemix Secure Gateway service
This tutorial shows how to configure a TLS tunnel by using the Bluemix Secure Gateway service, with encryption and authentication, between a Bluemix application and data center. The tunnel can then be used for a database connection.
Also available in: Chinese   Japanese  
Articles 29 Oct 2015
10 essential security practices from IBM
Organizations face an ever-changing set of risks in a world with rapidly changing technology, and business models that call for innovation, new platforms like cloud, and a desire to connect systems with the world at large. All of this adds to the complexity of securely protecting the enterprise. Beth Dunphy, Worldwide Strategy and Offering Executive at IBM, introduces 10 essential security practices from IBM – a flexible framework that helps organizations simplify the challenge of designing a balanced security program.
Also available in: Chinese  
Articles 25 Oct 2015
Manage account approval in a Node.js Bluemix application
Learn how to write an application that allows users to self register, then have their accounts approved or declined by an administrator.
Also available in: Chinese   Japanese  
Articles 20 Oct 2015
Scale single sign-on for your Node.js cloud apps
Use Redis to implement persistence for express-session to allow horizontal scaling of Node.js applications that use IBM Single Sign On.
Also available in: Chinese   Japanese   Portuguese  
Articles 14 Oct 2015
Connect your Docker container to enterprise services with the Bluemix Secure Gateway
The Bluemix Secure Gateway service offers a flexible means to securely expose back-end enterprise services to your Bluemix applications. Creating the Secure Gateway is relatively straightforward through the Bluemix user interface. Ensuring that the gateway is secure and then leveraging the gateway require some additional steps. This tutorial shows you how to configure the gateway, how to add destinations to local enterprise services, how to leverage a Docker container to establish the connection from your enterprise, and how to access the service from your applications.
Also available in: Chinese   Japanese  
Articles 09 Oct 2015
Combating IoT cyber threats
The Internet of Things is changing the way that businesses operate, especially in the areas of warehousing, transportation, and logistics. These changes make the security of IoT devices even more crucial, considering the time and money that is required if a hacker breaks through the defenses. This article outlines the best practices for securely developing robust IoT solutions.
Also available in: Chinese   Japanese   Portuguese  
Articles 30 Sep 2015
Run a SAST scan of a Java application by using Bluemix Static Analyzer
Save time and money by finding source code vulnerabilities early in the software development lifecycle by using the new Static Analyzer service on Bluemix. The Static Analyzer service combines the power of static application security testing (SAST) with intelligent findings analysis (IFA) technology to provide you with high-confidence, actionable findings.
Also available in: Chinese   Japanese  
Articles 24 Sep 2015
POWER8 in-core cryptography
POWER8 provides in-core instructions that when used in cryptography applications improve performance, speeding up crypto/decrypto using Advanced Encryption Standard (AES). This article explains how to use the in-core instructions.
Also available in: Chinese   Russian   Japanese  
Articles 21 Sep 2015
What's new in IBM Security Guardium V10
In Version 10, IBM Security Guardium takes a major step forward with intelligence and automation to safeguard data, enterprise-readiness features, and increased breadth of data sources, including file systems. This article provides an in-depth technical review of all new and changed capabilities including database activity monitoring, vulnerability assessment, file activity monitoring, and application masking.
Also available in: Chinese  
Articles 21 Sep 2015
Access an onsite content repository from the cloud
Integrate a Bluemix application with an on-premises IBM Content Manager instance by using the Bluemix Secure Gateway service and a Content Management Interoperability Services (CMIS) interface.
Also available in: Chinese   Japanese   Portuguese  
Articles 26 Aug 2015
Use Guardium outlier detection to detect hidden threats
Learn how Guardium database monitoring is extended with enhanced security intelligenceknown as outlier detectionto detect potential threats based on relative changes in behavior. Use cases, configuration guidance, and operational considerations are covered.
Also available in: Chinese  
Articles 14 Jul 2015
Protecting mobile applications with the ISAM module for IBM DataPower Gateway, Part 2: Creating and applying multi-factor authentication policies using one-time passwords
In Part 1 of this tutorial series, you learned how to deploy the ISAM reverse proxy on IBM DataPower Gateway to enforce access to a mobile application. The reverse proxy was then combined with a Multi Protocol Gateway to provide additional API security and integration functionality. This full solution provides a comprehensive gateway enforcement point and mobile API access on the DataPower platform. In this second part, you will extend the security policy to include enforcement of a one-time password. This policy will require an OTP authentication level step-up when a "high value" transaction is attempted. The enforcement of this policy will be done using the ISAM reverse proxy on DataPower. The policy definition and runtime evaluation will be done using ISAM for Mobile.
Also available in: Chinese  
Articles 25 Jun 2015
Use business rules as an authorization engine
Authorization policies in web-based applications are not only complicated, but also dynamic. If you implement those policies in the source code of the application, you must change it every time the policy changes. This article shows you how to use a business rule engine, Nools, to make authorization decisions in a Node.js application. This allows the security policy to be stored as an object, and edited with a simple Angular-based user interface.
Also available in: Chinese   Russian   Japanese  
Articles 16 Jun 2015
Use social media credentials for your apps using Bluemix Single Sign On
In this tutorial, learn how to secure your web applications using the IBM Single Sign On service in IBM Bluemix. Using this service, you can authenticate users to any web or mobile application. In addition, you can use multiple identity providers like Facebook, Google+, or LinkedIn, as well as any SAML identity provider. Furthermore, you can use a custom user directory directly managed in Bluemix. All identity providers can be used simultaneously so that the end users can choose among them.
Also available in: Chinese   Japanese  
Articles 02 Jun 2015
Protecting mobile applications with the ISAM module for IBM DataPower Gateway, Part 1: Securing and optimizing mobile workloads using mobile patterns
The IBM Security Access Manager module for IBM DataPower Gateway delivers strong authentication capabilities to protect mobile applications with multi-factor authentication based on contextual data and enforcement using one-time passwords. Enterprises must protect both consumer and employee mobile applications from malicious attackers to avoid data exposures and unauthorized access to mobile applications. Stronger security can be enforced using multiple authentication factors, often based on "something you know", such as a password, and "something you have", such as a mobile device. In this tutorial, you will learn how to use the ISAM module multi-factor security framework to protect applications based on user credentials.
Also available in: Chinese  
Articles 01 Jun 2015
Remote Exploitation of the Cordova Framework
In this report, the authors explain how they have discovered vulnerabilities in at least some versions of Apache Cordova.
Articles 21 May 2015
Develop secure cloud-aware applications
Cloud-aware application architectures and designs are becoming increasingly prevalent as developers and organizations recognize their increasing value. Cloud-aware applications tend to be very elastic and easy to scale, faster to develop, and more affordable. Yet while cloud-aware applications have numerous benefits, their architectures can create numerous security challenges for the unaware. This article describes some of the security challenges created by cloud-aware applications and how you can address some of them by following various best practices.
Also available in: Chinese   Russian   Japanese  
Articles 20 May 2015
IBM Security Trusteer Apex Advanced Malware Protection
This tutorial shows four videos that demonstrate the features of IBM Security Trusteer Apex Advanced Malware Protection.
Articles 20 May 2015
IBM Security Services 2014 Cyber Security Intelligence Index
IBM Managed Security Services publishes an annual Cyber Security Intelligence Index, summarizing security "events" experienced the previous year by its clients worldwide. The 2014 Index reports that in 2013, more than half a billion records—including names, emails, credit card numbers, and passwords—were stolen. It is estimated that each lost data record costs companies an average of $145. Learn more in this white paper.
Articles 12 May 2015
Examine different types of cross-site scripting attacks
Cross-site scripting (XSS) occurs when a browser renders user input as a script. Any website accepting user input without validation is vulnerable to XSS attacks. In this report, Nikita Gupta explains more about XSS and provides ways to deter them.
Articles 05 May 2015
Enable social network logins by using the Bluemix Single Sign On service
This tutorial shows you how to add user authentication to your IBM Bluemix applications by using Single Sign On services. Learn how to create and deploy a Node.js application, bind the Single Sign On service to the application, and add popular identity sources such as LinkedIn, Facebook, and Google+, or a custom Cloud Directory to your application.
Also available in: Chinese   Russian   Japanese  
Articles 04 May 2015
Strengthen application protection from design to deployment
Discover how effective application security programs can help organizations protect their priceless digital assets in the cloud with this "Securing Applications for a Safe Cloud Environment" paper.
Also available in: Chinese   Russian  
Articles 04 May 2015
Improve IBM QRadar LDAP authentication
The IBM QRadar platform supports various authentication types, enabling you to configure different authentication mechanisms to validate users and passwords. The most widely used authentication source in today's dynamic infrastructure is LDAP (Lightweight Directory Access Protocol). While IBM QRadar supports LDAP as an authentication type, the supported integration can be less than satisfactory. This article explains a solution that uses Tivoli Directory Integrator, which works as a "man-in-the-middle" to receive secure anonymous requests from QRadar and send authenticated requests to the LDAP Authentication Server.
Also available in: Russian  
Articles 27 Apr 2015
OWASP top 10 vulnerabilities
Look at the top 10 web application security risks worldwide as determined by the Open Web Application Security Project. Then discover how IBM Security AppScan helps website administrators find, correct, and avoid these and other web security threats.
Articles 20 Apr 2015
PHP renewed: Password security in modern PHP
Keep your PHP web applications' passwords safe from hackers. PHP continues to evolve with the web, and more web applications need to store passwords securely. In the second installment of a four-part series on the new face of PHP, learn about the new password-handling features added in the PHP 5.5 release.
Also available in: Chinese   Russian   Japanese   Portuguese  
Articles 15 Apr 2015
Wiper Malware Analysis
Wiper attacks are making news world wide. In this report, David McMillan walks you through these types of attacks and what you need to keep in mind for your organiation.
Articles 08 Apr 2015
Use a Liberty JAAS login module for Bluemix single sign-on
This tutorial provides a technique for Liberty-aware authentication with the Bluemix SSO service. Create a sample app that uses the Bluemix SSO service for user login; the Liberty server creates all necessary objects (Subject, Principal, Session) upon successful authentication. A Liberty app can obtain Bluemix SSO capabilities using JAAS authentication with the SSO service so that your authentication mechanism is abstracted from application code.
Also available in: Chinese   Russian   Japanese  
Articles 24 Mar 2015
Insider Threat
Organizations must monitor employee behavior to identify suspicious activities. They must ensure that only individuals with a bona fide need to access a system are authorized, and that when an individual's role changes, his or her authorization level be re-examined.
Articles 18 Mar 2015
The Deep Dark Web
In "The Deep Dark Web," a research and intelligence report, John Kuhn explains how the term "Deep Web" has become a place that contains more content than the standard web everyone uses, most of it for nefarious reasons. In this report, he gives a high-level overview of two networks that dominate the hidden spaces of the dark web.
Tutorial 10 Mar 2015
Build a secure app with Bluemix and social media authentication
Discover the benefits of social login for IBM Bluemix application users. Using a sample Ruby on Rails application, this tutorial walks you through the process. The social login sample includes the necessary application modifications, the social account configuration, and the required Bluemix configuration. You can download the sample implementation's source and a hosted Bluemix instance.
Also available in: Chinese   Russian   Japanese   Portuguese  
Articles 09 Mar 2015
Fine-grained access control for the Bluemix Object Storage service using the Single Sign On service
Understand the advantages of using an Object Store service like OpenStack's Swift and learn how it can help you secure access to objects using the Bluemix Single Sign-On Service.
Also available in: Chinese   Japanese  
Tutorial 23 Feb 2015
IBM Business Analytics Proven Practices: Access Reporter for Series 7
Access Reporter is a utility that will audit the access permissions on all objects within the Upfront datastore as well as provide all user memberships within the Series 7 namespace.
Also available in: Chinese   Russian   Spanish  
Articles 27 Jan 2015
Using the IBM InfoSphere Guardium REST API
Organizations that use InfoSphere Guardium for data security and compliance can take advantage of a rich set of APIs to automate processes and maintain the system in a more efficient manner. As of InfoSphere Guardium 9.1, the Guardium API is exposed to external systems as online RESTful web services, which provide organizations with a modern interface to expose Guardium capabilities in a Web portal or via the Cloud.
Also available in: Chinese   Portuguese  
Articles 24 Nov 2014
Use IBM Security Network Protection in an OpenFlow-based Software-Defined Network
The first tutorial in this series, "Deploy IBM Security Network Protection in an Open vSwitch," explained how to configure IBM Security Network Protection into an Open vSwitch-based Software-Defined Network (SDN) environment. In this tutorial, you'll learn how to configure an SDN controller to automatically protect the virtual machines connection to an Open vSwitch.
Also available in: Russian   Portuguese  
Tutorial 07 Nov 2014
OAuth 2.0 clients in Java programming, Part 3: Authorization code grant
This multi-part series will help you develop a generic and reusable OAuth 2.0 client that can be used to interface with any OAuth 2.0-compliant server. Part 1 explained how to implement the resource owner password credentials grant. Part 2 described how to implement the client credentials grant. Now, Part 3 teaches you how to implement the authorization code grant.
Also available in: Chinese   Russian   Japanese   Portuguese  
Tutorial 04 Nov 2014
OAuth 2.0 clients in Java programming, Part 2: Client credentials grant
This multi-part series will help you develop a generic and reusable OAuth 2.0 client that can be used to interface with any OAuth 2.0-compliant server. Part 1 explained how to implement the resource owner password credentials grant. Now, Part 2 describes how to implement the client credentials grant.
Also available in: Chinese   Russian   Japanese   Portuguese  
Tutorial 28 Oct 2014
Enable Information Lifecycle Governance for data on mobile devices using Bluemix services
The RetentionLite application, built using IBM Bluemix mobile data services on an Android platform, enables a user to define governing rules or policies for efficient backup of data on the mobile device. This application enables Information Lifecycle Governance on mobile devices using flexible and configurable rules with an intuitive user interface. Enterprises can use the power of IBM Bluemix services to quickly develop and customize applications like RetentionLite to suit their data retention policies.
Also available in: Russian   Japanese   Portuguese  
Articles 28 Oct 2014
Prioritize your security work with QRadar Risk Manager
In this four-part video tutorial, Jose Bravo discusses the technology foundation for IBM Security QRadar Risk Manager and then demonstrates its key capabilities in a series of live use case scenarios. You'll learn how QRadar Risk Manager can help you filter tens of thousands of discovered IT vulnerabilities in your environment down to a manageable few based on the severity of the vulnerability, the sensitivity of the machine, and available attack paths.
Tutorial 09 Oct 2014
Detect database vulnerabilities with Guardium and QRadar
IBM InfoSphere Guardium has a level of visibility into databases for vulnerabilities that no application scanner can ever have because it has deep access to the configuration and other information about the database server. But how do you manage the vulnerabilities that it finds? How do you prioritize and track the work? The answer is the IBM Security QRadar SIEM family of products.
Tutorial 02 Oct 2014
Monitor your database without logging
Jose Bravo demonstrates how to set up the integration between IBM Security QRadar SIEM and IBM Guardium to create an efficient, low-impact database monitoring solution. He then walks through a typical use case scenario where an unauthorized transaction on a database is detected and raised as a security offense in the QRadar SIEM.
Tutorial 25 Sep 2014
Develop a battle plan for advanced persistent threats
Join in and listen as Jose Bravo analyzes the phases of advanced persistent threat (APT) attacks and discusses the types of detectable activities that occur at each phase of the attack.
Also available in: Russian  
Articles 22 Sep 2014
Learn everything you need to know about XGS
XGS is a next-generation Intrusion Prevention System (IPS) that provides intrusion prevention and security awareness and control of applications, content, and users. This document details how to configure and showcase the features of the IBM Security Network Protection (XGS) system for a deployment or a Proof of Concept (PoC).
Articles 19 Sep 2014
Do SIEM the right way with the QRadar Video Tutorial Series
The IBM Security editors have pulled together many of the video tutorials about QRadar Security Information and Event Management (SIEM) and its related products so you can get a thorough view of all of its capabilities and, more importantly, so you can get ideas about how to do SIEM right in your environment.
Also available in: Russian  
Articles 17 Sep 2014
InfoSphere Guardium data security and protection for MongoDB Part 2: Configuration and policies
This article series describes how to monitor and protect MongoDB data using IBM InfoSphere Guardium, including the configuration of the solution, sample monitoring use cases, and additional capabilities such as quick search of audit data and building a compliance workflow using an audit process. Part 2 describes how to configure InfoSphere Guardium to collect MongoDB traffic and describes how to create security policy rules for a variety of typical data protection use cases, such as alerting on excessive failed logins, monitoring privileged users, and alerting on unauthorized access to sensitive data. Many organizations are just getting started with MongoDB, and now is the time to build security into the environment to save time, prevent breaches, and avoid compliance violations.
Also available in: Chinese   Portuguese  
Articles 16 Sep 2014
IBM Security AppScan Source Quick Process Guide
Discover an easy-to-understand process you can use to produce comprehensive, dependable, and actionable security findings using IBM Security AppScan Source. The process described in this tutorial helps security auditors and developers take their AppScan Source scan results to the next level, by customizing AppScan Source to their organization's application technologies and enforcing their application security policies, using tools already available in AppScan Source.
Articles 11 Sep 2014
Create a highly available authentication system with IBM Security Directory Server
This white paper explains how to use IBM Security Directory Server (formerly known as IBM Tivoli Directory Server) with Heartbeat to create a highly available authentication system with a fail-over mechanism. High availability is critical for enterprise authentication services because consolidating any service on a particular server is not reliable. Depending on a single server eventually creates a single point of failure, which can break the entire organization's authentication system.
Articles 04 Sep 2014
Learn about Trusteer Apex
Jose Bravo demonstrates the core capabilities of Trusteer Apex by showing desktop use case scenarios with and without Trusteer Apex installed.
Articles 04 Sep 2014
Dynamic Import of Role Based Security
This approach can be used to implement role-based security in IBM Cognos based on security filters that are defined in IBM Emptoris Spend Analysis. This provides a consistent data view across both Spend Analysis core modules and the extended module that is powered by Cognos.
Articles 28 Aug 2014
Integrate OpenStack Keystone with Tivoli Federated Identity Manager
Learn how to integrate Keystone's recently released federated identity capability with IBM Tivoli Federated Identity Manager. OpenStack is open source software for building public and private clouds that provides an Infrastructure as a Service (IaaS) platform. Keystone is an OpenStack subproject that provides identity services, including user authentication and authorization, for the OpenStack family of projects.
Also available in: Chinese  
Articles 26 Aug 2014
Learn to use the QRadar Public APIs
The QRadar Public API Series explores how to get the most out of QRadar's public API sets from a variety of programming environments.
Articles 12 Aug 2014
Optimize your AppScan Enterprise scans
The practices described in this white paper will help security testers configure and run more successful scans with IBM Security AppScan Enterprise Edition.
Articles 08 Aug 2014
Federate IBM SmartCloud for Social Business with your organization by using WebSphere DataPower
One of the most common challenges when integrating cloud-based offerings with your company is identity federation. In this article, you will learn how to federate your company repository with IBM SmartCloud for Social Business using WebSphere DataPower to provide a single sign-on (SSO) service between different security domains.
Articles 06 Aug 2014
Investigate IT security incidents with QRadar Forensics
In this four-part video tutorial, Jose Bravo demonstrates how to use QRadar Forensics to investigate three common scenarios. He walks through the investigation of the scenarios in the same way an investigator would collect forensic evidence.
Also available in: Russian  
Articles 29 Jul 2014
Comparing BlockIP2 with Channel Authentication Records for WebSphere MQ Security
In this article you will find useful information for keeping WebSphere MQ channels secured with WebSphere MQ product features rather than relying on third-party tools that may lack official support. You will be guided through samples on how to implement channel authentication records, a new feature introduced in IBM WebSphere MQ V7.1 for improving the overall security of your MQ environment.
Also available in: Russian  
Articles 24 Jul 2014
Detecting security risks with IBM Security QRadar Vulnerability Manager
Real-time detection of risks means that you can manage security vulnerabilities and protect data. IBM Security QRadar Vulnerability Manager scans, detects, and mitigates InfoSec risks.
Also available in: Russian  
Articles 24 Jul 2014
Improve application scanning efficiency with IBM Security AppScan
In this security community white paper, Ori Pomerantz demonstrates how to filter the pages scanned by AppScan Standard (or Enterprise) to avoid scanning different versions of the same page when they are distinguished by parameter values.
Articles 22 Jul 2014
Explore new features in Tivoli Service Automation Manager Network Extension for Juniper
IBM Tivoli Service Automation Manager (TSAM) helps enable users to request, deploy, monitor, and manage cloud computing services. Learn the basics of and explore the new features that are introduced in the recently released firewall extension, the TSAM Network Extension for Juniper.
Also available in: Chinese  
Articles 22 Jul 2014
A developer's guide to complying with PCI DSS 3.0 Requirement 6
The Payment Card Industry Data Security Standard (PCI DSS) is a highly prescriptive technical standard, which is aimed at the protection of debit and credit card details, which is referred to within the payments industry as cardholder data. The objective of the standard is to prevent payment card fraud, by securing cardholder data within organizations that either accept card payments, or are involved in the handling of cardholder data. PCI DSS consists of 12 sections of requirements, and usually responsibility for compliance rests with IT infrastructure support. PCI DSS requirement 6, however, breaks down into 28 individual requirements, and sits squarely with software developers involved in the development of applications that process, store, and transmit cardholder data. PCI compliance heavily revolves around IT services. IT focused compliance managers that are tasked with achieving compliance within organizations, often lack the required software developer knowledge and experience to help assure that the application development meets the arduous requirements of PCI DSS. Follow along to read a developer's perspective to complying with PCI DSS requirements.
Also available in: Russian  
Articles 09 Jul 2014
Integrate ISAM4Web and Yubikey with an External Authentication Interface
This white paper describes how to use the Yubico hard-token One-Time Password (OTP) generator as a replacement for traditional username and password authentication. A working example of an External Authentication Interface using a cloud-based authentication service is provided, along with all code and ISAM4Web configuration instructions.
Articles 09 Jul 2014
Synchronize IBM and SUN directories with IBM Security Directory Integrator
This article explains how to build a customized solution to synchronize users' registries using the IBM Security Directory Integrator.
Articles 09 Jul 2014
Manage common offenses detected by QRadar SIEM
In a series of 4 videos, Jose Bravo shows you how to manage 11 of the most common security offenses detected by IBM Security QRadar SIEM. QRadar consolidates log source event data from thousands of devices endpoints and applications distributed throughout a network. It performs immediate normalization and correlation activities on raw data to distinguish real threats from false positives.
Articles 07 Jul 2014
Learn the QRadar API in six minutes
In this video, Jose Bravo demonstrates some common tasks on the QRadar web console and demonstrates how to perform the same tasks using the public QRadar REST API.
Also available in: Russian  
Articles 25 Jun 2014
Use Software Defined Networking to optimize your IaaS
Explore Software Defined Networking (SDN) network management via software abstraction layers as a method to enhance and optimize your Infrastructure as a Service in the areas of interoperability, user and provider expectation management, developer and administrator requirements, and effective risk mitigation.
Also available in: Chinese   Russian   Japanese  
Articles 24 Jun 2014
Streamline your organization's mobile application security testing program with IBM Security AppScan Source 9.0
Many applications today are written for mobile devices. These applications are developed and released at a rapid speed. Yet the security of many of these applications remains a major concern. AppScan Source 9.0 streamlines your organization’s mobile application security testing with the introduction of local mode, integration with IBM Worklight, and by expanding its support of the Mac platform.
Also available in: Russian  
Articles 17 Jun 2014
Scan your app to find and fix OWASP Top 10 2013 vulnerabilities
Today's modern web applications are more than a match for most desktop PC applications and continue to push boundaries by taking advantage of limitless cloud services. But more powerful web applications means more complicated code, and the more complicated the code, the greater the risk of coding flaws which can lead to serious security vulnerabilities within the application. Web application vulnerabilities face exploitation by relentless malicious actors, bent on profiteering from data theft, or gaining online notoriety by causing mischief. This article looks at securing web applications by adopting industry best application development practices, such as the OWASP Top 10 and using web application vulnerability scanning tools, like IBM Rational AppScan.
Also available in: Russian  
Articles 17 Jun 2014
Securing FTP server on z/OS
This article describes how you can secure FTP on z/OS (FTPS) for server authentication using AT-TLS. The article also describes how to create AT-TLS policy using IBM Configuration Assistant for z/OS Communication Server and how to set up Policy Agent on z/OS.
Also available in: Russian  
Articles 04 Jun 2014
Make PaaS your vulnerability testing ground
Evaluate, integrate, and define various security testing concepts in differing scenarios. Explore a sample user PaaS testing environment structure as a basis for a security testing model.
Also available in: Chinese   Russian   Japanese  
Articles 03 Jun 2014
Build a front-end load balancer and failover reverse proxy with IBM Security Access Manager 8.0
Learn to configure the IBM Security Access Manager for Web 8.0 appliance as a front-end load balancer and cluster of reverse proxy servers to build a highly available, fault-tolerant, secure web environment.
Articles 30 May 2014
Understand the "Heartbleed" bug
Learn the technical details of the "Heartbleed" bug.
Articles 28 May 2014
Configure common use cases for IBM Security Access Manager for Mobile
This document gives readers an overview of a set of common use cases for the IBM Security Access Manager for Mobile Appliance, specifically focused on the use of OAuth and One Time Password authentication to deliver secure apps. It will provide details around how to configure the appliance to support these use cases. The common mobile pattern of a mobile app user registration and access pattern will be described, and the article then details how to implement the business logic required to enable the scenario in the IBM Security Access Manager (ISAM) for Mobile product.
Articles 21 May 2014
AppScan 9.0 Standard Report Templates: Modifying reports with Microsoft Word
In this white paper you learn to export report templates from AppScan Standard, modify them with Microsoft Word, and import them back to AppScan Standard. This feature, new in Version 9.0, makes it easy to customize reports.
Articles 19 May 2014
What's the most trusted platform?
Learn some of the reasons why the IBM Mainframe is the most trusted platform.
Articles 12 May 2014
Whitepaper: Protecting your critical data with integrated security intelligence
Learn how an integrated approach for extending security intelligence with data security insights can help organizations prevent attacks, ensure compliance, and reduce the overall costs of security management.
Articles 06 May 2014
Whitepaper: IBM Cloud Security
This whitepaper discusses how with an IBM suite of intelligence solutions, cloud computing can be both attractive and secure. Learn about: The intelligence capabilities necessary for gaining visibility into, and control over, cloud security, advanced security intelligence solutions that can close security gaps, and the integrated IBM Security QRadar suite.
Articles 06 May 2014
Solution Brief: Safeguarding the Cloud with IBM Security Solutions
IBM Security solutions provide layered protection and deep insight across cloud environments. Read the solution brief to learn about: Issues in cloud security, solutions to implement cloud security, and cloud security intelligence.
Articles 06 May 2014
Listen to an introduction to security intelligence
Jose Bravo leads a chalk talk on security intelligence. He describes the ability of QRadar to incorporate context from a variety of IT systems, which gives it a best-in-class ability to filter billions of IT incidents to identify the top few to be addressed immediately.
Articles 05 May 2014

1 - 100 of 553 results | Next Show Summaries | Hide Summaries Subscribe to search results (RSS)