Technical library

1 - 100 of 540 results
Manage security alerts with IBM DevOps Track & Plan
Track & Plan is predominately used during application development. However, it can also be used by the applications to inform the administrator when they are under attack. In this tutorial, you learn the coding to make this happen.
Articles 23 Nov 2015
Best security content from fourth quarter 2015
This quarter, the developerWorks security zone continues its focus on helping Bluemix developers address the security needs of their applications using Bluemix services.
Articles 17 Nov 2015
Playful web development, Part 1: Manage user authentication with the Play Framework and Scala
Implement user management for your Play Framework applications and put your Scala skills to work. Pablo Pedemonte takes you through building a basic Play application that handles authentication and authorization. You can even use the application code as a starter for your own Play projects to shorten user-management development time.
Articles 12 Nov 2015
Verify server certificates in a Node.js Bluemix application
Applications often need to communicate with remote servers and exchange information with them. However, with the use of remote servers comes the risk of masquerading. Attackers can pretend to be the legitimate partners and steal or falsify information. In this article, you learn how to use certificates from within your Node.js application that is running in Bluemix to prevent such masquerading.
Tutorial 05 Nov 2015
Connect to your data center with the Bluemix Secure Gateway service
This tutorial shows how to configure a TLS tunnel by using the Bluemix Secure Gateway service, with encryption and authentication, between a Bluemix application and data center. The tunnel can then be used for a database connection.
Also available in: Chinese  
Tutorial 29 Oct 2015
10 essential security practices from IBM
Organizations face an ever-changing set of risks in a world with rapidly changing technology, and business models that call for innovation, new platforms like cloud, and a desire to connect systems with the world at large. All of this adds to the complexity of securely protecting the enterprise. Beth Dunphy, Worldwide Strategy and Offering Executive at IBM, introduces 10 essential security practices from IBM – a flexible framework that helps organizations simplify the challenge of designing a balanced security program.
Also available in: Chinese  
Articles 25 Oct 2015
Manage account approval in a Node.js Bluemix application
Learn how to write an application that allows users to self register, then have their accounts approved or declined by an administrator.
Also available in: Chinese  
Tutorial 20 Oct 2015
Scale single sign-on for your Node.js cloud apps
Use Redis to implement persistence for express-session to allow horizontal scaling of Node.js applications that use IBM Single Sign On.
Also available in: Chinese  
Articles 14 Oct 2015
Connect your Docker container to enterprise services with the Bluemix Secure Gateway
The Bluemix Secure Gateway service offers a flexible means to securely expose back-end enterprise services to your Bluemix applications. Creating the Secure Gateway is relatively straightforward through the Bluemix user interface. Ensuring that the gateway is secure and then leveraging the gateway require some additional steps. This tutorial shows you how to configure the gateway, how to add destinations to local enterprise services, how to leverage a Docker container to establish the connection from your enterprise, and how to access the service from your applications.
Also available in: Chinese  
Tutorial 09 Oct 2015
Combating IoT cyber threats
The Internet of Things is changing the way that businesses operate, especially in the areas of warehousing, transportation, and logistics. These changes make the security of IoT devices even more crucial, considering the time and money that is required if a hacker breaks through the defenses. This article outlines the best practices for securely developing robust IoT solutions.
Also available in: Chinese   Portuguese  
Articles 30 Sep 2015
Run a SAST scan of a Java application by using Bluemix Static Analyzer
Save time and money by finding source code vulnerabilities early in the software development lifecycle by using the new Static Analyzer service on Bluemix. The Static Analyzer service combines the power of static application security testing (SAST) with intelligent findings analysis (IFA) technology to provide you with high-confidence, actionable findings.
Also available in: Chinese   Japanese  
Articles 24 Sep 2015
POWER8 in-core cryptography
POWER8 provides in-core instructions that, when used in cryptography applications, improve performance by speeding up encryption and decryption using Advanced Encryption Standard (AES). This article explains how to use the in-core instructions.
Also available in: Japanese  
Articles 21 Sep 2015
What's new in IBM Security Guardium V10
In Version 10, IBM Security Guardium takes a major step forward with intelligence and automation to safeguard data, enterprise-readiness features, and increased breadth of data sources, including file systems. This article provides an in-depth technical review of all new and changed capabilities including database activity monitoring, vulnerability assessment, file activity monitoring, and application masking.
Articles 21 Sep 2015
Access an onsite content repository from the cloud
Integrate a Bluemix application with an on-premises IBM Content Manager instance by using the Bluemix Secure Gateway service and a Content Management Interoperability Services (CMIS) interface.
Also available in: Chinese   Japanese   Portuguese  
Articles 26 Aug 2015
Put Bluemix AppScan results into Bluemix Track & Plan
Scan a Bluemix application by using the AppScan Dynamic Analyzer, and then send the scan results to the Track & Plan defect tracking service.
Also available in: Chinese   Japanese  
Articles 27 Jul 2015
Use Guardium outlier detection to detect hidden threats
Learn how Guardium database monitoring is extended with enhanced security intelligence, known as outlier detection, to detect potential threats based on relative changes in behavior. Use cases, configuration guidance, and operational considerations are covered.
Also available in: Chinese  
Articles 14 Jul 2015
Protecting mobile applications with the ISAM module for IBM DataPower Gateway, Part 2: Creating and applying multi-factor authentication policies using one-time passwords
In Part 1 of this tutorial series, you learned how to deploy the ISAM reverse proxy on IBM DataPower Gateway to enforce access to a mobile application. The reverse proxy was then combined with a Multi Protocol Gateway to provide additional API security and integration functionality. This full solution provides a comprehensive gateway enforcement point and mobile API access on the DataPower platform. In this second part, you will extend the security policy to include enforcement of a one-time password. This policy will require an OTP authentication level step-up when a "high value" transaction is attempted. The enforcement of this policy will be done using the ISAM reverse proxy on DataPower. The policy definition and runtime evaluation will be done using ISAM for Mobile.
Also available in: Chinese  
Articles 25 Jun 2015
Use business rules as an authorization engine
Authorization policies in web-based applications are not only complicated, but also dynamic. If you implement those policies in the source code of the application, you must change it every time the policy changes. This article shows you how to use a business rule engine, Nools, to make authorization decisions in a Node.js application. This allows the security policy to be stored as an object, and edited with a simple Angular-based user interface.
Also available in: Chinese   Japanese  
Articles 16 Jun 2015
Use social media credentials for your apps using Bluemix Single Sign On
In this tutorial, learn how to secure your web applications using the IBM Single Sign On service in IBM Bluemix. Using this service, you can authenticate users to any web or mobile application. In addition, you can use multiple identity providers like Facebook, Google+, or LinkedIn, as well as any SAML identity provider. Furthermore, you can use a custom user directory directly managed in Bluemix. All identity providers can be used simultaneously so that the end users can choose among them.
Also available in: Chinese   Japanese  
Articles 02 Jun 2015
Protecting mobile applications with the ISAM module for IBM DataPower Gateway, Part 1: Securing and optimizing mobile workloads using mobile patterns
The IBM Security Access Manager module for IBM DataPower Gateway delivers strong authentication capabilities to protect mobile applications with multi-factor authentication based on contextual data and enforcement using one-time passwords. Enterprises must protect both consumer and employee mobile applications from malicious attackers to avoid data exposures and unauthorized access to mobile applications. Stronger security can be enforced using multiple authentication factors, often based on "something you know", such as a password, and "something you have", such as a mobile device. In this tutorial, you will learn how to use the ISAM module multi-factor security framework to protect applications based on user credentials.
Also available in: Chinese  
Articles 01 Jun 2015
Remote Exploitation of the Cordova Framework
In this report, the authors explain how they have discovered vulnerabilities in at least some versions of Apache Cordova.
Articles 21 May 2015
Develop secure cloud-aware applications
Cloud-aware application architectures and designs are becoming increasingly prevalent as developers and organizations recognize their increasing value. Cloud-aware applications tend to be very elastic and easy to scale, faster to develop, and more affordable. Yet while cloud-aware applications have numerous benefits, their architectures can create numerous security challenges for the unaware. This article describes some of the security challenges created by cloud-aware applications and how you can address some of them by following various best practices.
Also available in: Chinese   Japanese  
Articles 20 May 2015
IBM Security Trusteer Apex Advanced Malware Protection
This tutorial shows four videos that demonstrate the features of IBM Security Trusteer Apex Advanced Malware Protection.
Articles 20 May 2015
IBM Security Services 2014 Cyber Security Intelligence Index
IBM Managed Security Services publishes an annual Cyber Security Intelligence Index, summarizing security "events" experienced the previous year by its clients worldwide. The 2014 Index reports that in 2013, more than half a billion records—including names, emails, credit card numbers, and passwords—were stolen. It is estimated that each lost data record costs companies an average of $145. Learn more in this white paper.
Articles 12 May 2015
Find cross-site scripting errors in your Bluemix application with AppScan Dynamic Analyzer
In this short demo video, Ori Pomerantz shows a Bluemix application that has a cross-site scripting error in it. Then he shows how to add the AppScan Dynamic Analyzer service to the application and run a scan. He shows that the scan report detects the cross-site scripting error and provides guidance on how to fix it.
Articles 06 May 2015
Examine different types of cross-site scripting attacks
Cross-site scripting (XSS) occurs when a browser renders user input as a script. Any website accepting user input without validation is vulnerable to XSS attacks. In this report, Nikita Gupta explains more about XSS and provides ways to deter them.
Articles 05 May 2015
Enable social network logins by using the Bluemix Single Sign On service
This tutorial shows you how to add user authentication to your IBM Bluemix applications by using Single Sign On services. Learn how to create and deploy a Node.js application, bind the Single Sign On service to the application, and add popular identity sources such as LinkedIn, Facebook, and Google+, or a custom Cloud Directory to your application.
Also available in: Chinese   Japanese  
Articles 04 May 2015
Strengthen application protection from design to deployment
Discover how effective application security programs can help organizations protect their priceless digital assets in the cloud with this "Securing Applications for a Safe Cloud Environment" paper.
Also available in: Chinese  
Articles 04 May 2015
Improve IBM QRadar LDAP authentication
The IBM QRadar platform supports various authentication types, enabling you to configure different authentication mechanisms to validate users and passwords. The most widely used authentication source in today's dynamic infrastructure is LDAP (Lightweight Directory Access Protocol). While IBM QRadar supports LDAP as an authentication type, the supported integration can be less than satisfactory. This article explains a solution that uses Tivoli Directory Integrator, which works as a "man-in-the-middle" to receive secure anonymous requests from QRadar and send authenticated requests to the LDAP Authentication Server.
Articles 27 Apr 2015
OWASP top 10 vulnerabilities
Look at the top 10 web application security risks worldwide as determined by the Open Web Application Security Project. Then discover how IBM Security AppScan helps website administrators find, correct, and avoid these and other web security threats.
Articles 20 Apr 2015
PHP renewed: Password security in modern PHP
Keep your PHP web applications' passwords safe from hackers. PHP continues to evolve with the web, and more web applications need to store passwords securely. In the second installment of a four-part series on the new face of PHP, learn about the new password-handling features added in the PHP 5.5 release.
Also available in: Chinese   Japanese  
Articles 15 Apr 2015
Wiper Malware Analysis
Wiper attacks are making news worldwide. In this report, David McMillan walks you through these types of attacks and what you need to keep in mind for your organization.
Articles 08 Apr 2015
Use a Liberty JAAS login module for Bluemix single sign-on
This tutorial provides a technique for Liberty-aware authentication with the Bluemix SSO service. Create a sample app that uses the Bluemix SSO service for user login; the Liberty server creates all necessary objects (Subject, Principal, Session) upon successful authentication. A Liberty app can obtain Bluemix SSO capabilities using JAAS authentication with the SSO service so that your authentication mechanism is abstracted from application code.
Also available in: Chinese   Russian   Japanese  
Articles 24 Mar 2015
Insider Threat
Organizations must monitor employee behavior to identify suspicious activities. They must ensure that only individuals with a bona fide need to access a system are authorized, and that when an individual's role changes, his or her authorization level be re-examined.
Articles 18 Mar 2015
The Deep Dark Web
In "The Deep Dark Web," a research and intelligence report, John Kuhn explains how the term "Deep Web" has become a place that contains more content than the standard web everyone uses, most of it for nefarious reasons. In this report, he gives a high-level overview of two networks that dominate the hidden spaces of the dark web.
Tutorial 10 Mar 2015
Build a secure app with Bluemix and social media authentication
Discover the benefits of social login for IBM Bluemix application users. Using a sample Ruby on Rails application, this tutorial walks you through the process. The social login sample includes the necessary application modifications, the social account configuration, and the required Bluemix configuration. You can download the sample implementation's source and a hosted Bluemix instance.
Also available in: Chinese   Russian   Japanese   Portuguese  
Articles 09 Mar 2015
Fine-grained access control for the Bluemix Object Storage service using the Single Sign On service
Understand the advantages of using an Object Store service like OpenStack's Swift and learn how it can help you secure access to objects using the Bluemix Single Sign-On Service.
Also available in: Chinese   Japanese  
Tutorial 23 Feb 2015
IBM Business Analytics Proven Practices: Access Reporter for Series 7
Access Reporter is a utility that will audit the access permissions on all objects within the Upfront datastore as well as provide all user memberships within the Series 7 namespace.
Also available in: Chinese   Russian   Spanish  
Articles 27 Jan 2015
Build an Android application security test tool with Bluemix and AppScan Mobile Analyzer service
Currently, there is a significant increase in the number of mobile applications being developed. This increase creates the need for a cost-effective tool or application to do security testing and to help developers fix the identified vulnerabilities. In this tutorial, we'll discuss the IBM Bluemix AppScan Mobile Analyzer service in detail and describe how it helps developers scan and fix security issues detected in their Android applications.
Also available in: Chinese   Russian   Japanese  
Articles 16 Dec 2014
Using the IBM InfoSphere Guardium REST API
Organizations that use InfoSphere Guardium for data security and compliance can take advantage of a rich set of APIs to automate processes and maintain the system in a more efficient manner. As of InfoSphere Guardium 9.1, the Guardium API is exposed to external systems as online RESTful web services, which provide organizations with a modern interface to expose Guardium capabilities in a Web portal or via the Cloud.
Also available in: Chinese   Portuguese  
Articles 24 Nov 2014
Use IBM Security Network Protection in an OpenFlow-based Software-Defined Network
The first tutorial in this series, "Deploy IBM Security Network Protection in an Open vSwitch," explained how to configure IBM Security Network Protection into an Open vSwitch-based Software-Defined Network (SDN) environment. In this tutorial, you'll learn how to configure an SDN controller to automatically protect the virtual machines connection to an Open vSwitch.
Also available in: Russian   Portuguese  
Tutorial 07 Nov 2014
OAuth 2.0 clients in Java programming, Part 3: Authorization code grant
This multi-part series will help you develop a generic and reusable OAuth 2.0 client that can be used to interface with any OAuth 2.0-compliant server. Part 1 explained how to implement the resource owner password credentials grant. Part 2 described how to implement the client credentials grant. Now, Part 3 teaches you how to implement the authorization code grant.
Also available in: Chinese   Russian   Japanese   Portuguese  
Tutorial 04 Nov 2014
OAuth 2.0 clients in Java programming, Part 2: Client credentials grant
This multi-part series will help you develop a generic and reusable OAuth 2.0 client that can be used to interface with any OAuth 2.0-compliant server. Part 1 explained how to implement the resource owner password credentials grant. Now, Part 2 describes how to implement the client credentials grant.
Also available in: Chinese   Russian   Japanese   Portuguese  
Tutorial 28 Oct 2014
Enable Information Lifecycle Governance for data on mobile devices using Bluemix services
The RetentionLite application, built using IBM Bluemix mobile data services on an Android platform, enables a user to define governing rules or policies for efficient backup of data on the mobile device. This application enables Information Lifecycle Governance on mobile devices using flexible and configurable rules with an intuitive user interface. Enterprises can use the power of IBM Bluemix services to quickly develop and customize applications like RetentionLite to suit their data retention policies.
Also available in: Russian   Japanese   Portuguese  
Articles 28 Oct 2014
Prioritize your security work with QRadar Risk Manager
In this four-part video tutorial, Jose Bravo discusses the technology foundation for IBM Security QRadar Risk Manager and then demonstrates its key capabilities in a series of live use case scenarios. You'll learn how QRadar Risk Manager can help you filter tens of thousands of discovered IT vulnerabilities in your environment down to a manageable few based on the severity of the vulnerability, the sensitivity of the machine, and available attack paths.
Tutorial 09 Oct 2014
Detect database vulnerabilities with Guardium and QRadar
IBM InfoSphere Guardium has a level of visibility into databases for vulnerabilities that no application scanner can ever have because it has deep access to the configuration and other information about the database server. But how do you manage the vulnerabilities that it finds? How do you prioritize and track the work? The answer is the IBM Security QRadar SIEM family of products.
Tutorial 02 Oct 2014
Monitor your database without logging
Jose Bravo demonstrates how to set up the integration between IBM Security QRadar SIEM and IBM Guardium to create an efficient, low-impact database monitoring solution. He then walks through a typical use case scenario where an unauthorized transaction on a database is detected and raised as a security offense in the QRadar SIEM.
Tutorial 25 Sep 2014
Develop a battle plan for advanced persistent threats
Join in and listen as Jose Bravo analyzes the phases of advanced persistent threat (APT) attacks and discusses the types of detectable activities that occur at each phase of the attack.
Also available in: Russian  
Articles 22 Sep 2014
Learn everything you need to know about XGS
XGS is a next-generation Intrusion Prevention System (IPS) that provides intrusion prevention and security awareness and control of applications, content, and users. This document details how to configure and showcase the features of the IBM Security Network Protection (XGS) system for a deployment or a Proof of Concept (PoC).
Articles 19 Sep 2014
Do SIEM the right way with the QRadar Video Tutorial Series
The IBM Security editors have pulled together many of the video tutorials about QRadar Security Information and Event Management (SIEM) and its related products so you can get a thorough view of all of its capabilities and, more importantly, so you can get ideas about how to do SIEM right in your environment.
Also available in: Russian  
Articles 17 Sep 2014
InfoSphere Guardium data security and protection for MongoDB Part 2: Configuration and policies
This article series describes how to monitor and protect MongoDB data using IBM InfoSphere Guardium, including the configuration of the solution, sample monitoring use cases, and additional capabilities such as quick search of audit data and building a compliance workflow using an audit process. Part 2 describes how to configure InfoSphere Guardium to collect MongoDB traffic and describes how to create security policy rules for a variety of typical data protection use cases, such as alerting on excessive failed logins, monitoring privileged users, and alerting on unauthorized access to sensitive data. Many organizations are just getting started with MongoDB, and now is the time to build security into the environment to save time, prevent breaches, and avoid compliance violations.
Also available in: Chinese   Portuguese  
Articles 16 Sep 2014
Enhance an Android app with Google+ authentication
Build an Android application hosted on the IBM cloud and protected by Google+ Authentication. This multi-part series introduces you to new services and technologies and gradually builds with each tutorial. This tutorial includes a demo, sample code, and complete instructions for creating the BlueList Android application. You can apply what you've learned to integrate Google+ Authentication into your own applications.
Also available in: Chinese   Japanese  
Articles 11 Sep 2014
IBM Security AppScan Source Quick Process Guide
Discover an easy-to-understand process you can use to produce comprehensive, dependable, and actionable security findings using IBM Security AppScan Source. The process described in this tutorial helps security auditors and developers take their AppScan Source scan results to the next level, by customizing AppScan Source to their organization's application technologies and enforcing their application security policies, using tools already available in AppScan Source.
Articles 11 Sep 2014
Create a highly available authentication system with IBM Security Directory Server
This white paper explains how to use IBM Security Directory Server (formerly known as IBM Tivoli Directory Server) with Heartbeat to create a highly available authentication system with a fail-over mechanism. High availability is critical for enterprise authentication services because consolidating any service on a particular server is not reliable. Depending on a single server eventually creates a single point of failure, which can break the entire organization's authentication system.
Articles 04 Sep 2014
Learn about Trusteer Apex
Jose Bravo demonstrates the core capabilities of Trusteer Apex by showing desktop use case scenarios with and without Trusteer Apex installed.
Articles 04 Sep 2014
Dynamic Import of Role Based Security
This approach can be used to implement role-based security in IBM Cognos based on security filters that are defined in IBM Emptoris Spend Analysis. This provides a consistent data view across both Spend Analysis core modules and the extended module that is powered by Cognos.
Articles 28 Aug 2014
Integrate OpenStack Keystone with Tivoli Federated Identity Manager
Learn how to integrate Keystone's recently released federated identity capability with IBM Tivoli Federated Identity Manager. OpenStack is open source software for building public and private clouds that provides an Infrastructure as a Service (IaaS) platform. Keystone is an OpenStack subproject that provides identity services, including user authentication and authorization, for the OpenStack family of projects.
Also available in: Chinese  
Articles 26 Aug 2014
Develop an OAuth-protected resource application in Bluemix
In this article, I will show you how to develop an OAuth-protected resource application in IBM Bluemix. With Bluemix, you can develop your applications with OAuth by connecting the Bluemix App User Registry Add-on to your applications and coding endpoints to enable authorization and authentication to secure your resources. The resource application consumes the Mongo service and the Bluemix App User Registry Add-on, and provides a REST service that other client applications can request to consume. The REST service is protected by the App User Registry Add-on, so the client applications must provide the appropriate authorization information. I will also cover how to develop a client application that requires authorization during the request for protected resources. All authorization and authentication processes follow the OAuth 2.0 specification.
Also available in: Chinese   Russian  
Articles 15 Aug 2014
Learn to use the QRadar Public APIs
The QRadar Public API Series explores how to get the most out of QRadar's public API sets from a variety of programming environments.
Articles 12 Aug 2014
Optimize your AppScan Enterprise scans
The practices described in this white paper will help security testers configure and run more successful scans with IBM Security AppScan Enterprise Edition.
Articles 08 Aug 2014
Federate IBM SmartCloud for Social Business with your organization by using WebSphere DataPower
One of the most common challenges when integrating cloud-based offerings with your company is identity federation. In this article, you will learn how to federate your company repository with IBM SmartCloud for Social Business using WebSphere DataPower to provide a single sign-on (SSO) service between different security domains.
Articles 06 Aug 2014
Investigate IT security incidents with QRadar Forensics
In this four-part video tutorial, Jose Bravo demonstrates how to use QRadar Forensics to investigate three common scenarios. He walks through the investigation of the scenarios in the same way an investigator would collect forensic evidence.
Also available in: Russian  
Articles 29 Jul 2014
Comparing BlockIP2 with Channel Authentication Records for WebSphere MQ Security
In this article you will find useful information for keeping WebSphere MQ channels secured with WebSphere MQ product features rather than relying on third-party tools that may lack official support. You will be guided through samples on how to implement channel authentication records, a new feature introduced in IBM WebSphere MQ V7.1 for improving the overall security of your MQ environment.
Also available in: Russian  
Articles 24 Jul 2014
Detecting security risks with IBM Security QRadar Vulnerability Manager
Real-time detection of risks means that you can manage security vulnerabilities and protect data. IBM Security QRadar Vulnerability Manager scans, detects, and mitigates InfoSec risks.
Also available in: Russian  
Articles 24 Jul 2014
Improve application scanning efficiency with IBM Security AppScan
In this security community white paper, Ori Pomerantz demonstrates how to filter the pages scanned by AppScan Standard (or Enterprise) to avoid scanning different versions of the same page when they are distinguished by parameter values.
Articles 22 Jul 2014
Explore new features in Tivoli Service Automation Manager Network Extension for Juniper
IBM Tivoli Service Automation Manager (TSAM) helps enable users to request, deploy, monitor, and manage cloud computing services. Learn the basics of and explore the new features that are introduced in the recently released firewall extension, the TSAM Network Extension for Juniper.
Also available in: Chinese  
Articles 22 Jul 2014
A developer's guide to complying with PCI DSS 3.0 Requirement 6
The Payment Card Industry Data Security Standard (PCI DSS) is a highly prescriptive technical standard aimed at the protection of debit and credit card details, which are referred to within the payments industry as cardholder data. The objective of the standard is to prevent payment card fraud by securing cardholder data within organizations that either accept card payments or are involved in the handling of cardholder data. PCI DSS consists of 12 sections of requirements, and usually responsibility for compliance rests with IT infrastructure support. PCI DSS requirement 6, however, breaks down into 28 individual requirements, and sits squarely with software developers involved in the development of applications that process, store, and transmit cardholder data. PCI compliance heavily revolves around IT services. IT-focused compliance managers who are tasked with achieving compliance within organizations often lack the required software developer knowledge and experience to help assure that the application development meets the arduous requirements of PCI DSS. Follow along to read a developer's perspective on complying with PCI DSS requirements.
Also available in: Russian  
Articles 09 Jul 2014
Synchronize IBM and SUN directories with IBM Security Directory Integrator
This article explains how to build a customized solution to synchronize users' registries using the IBM Security Directory Integrator.
Articles 09 Jul 2014
Integrate ISAM4Web and Yubikey with an External Authentication Interface
This white paper describes how to use the Yubico hard-token One-Time Password (OTP) generator as a replacement for traditional username and password authentication. A working example of an External Authentication Interface using a cloud-based authentication service is provided, along with all code and ISAM4Web configuration instructions.
Articles 09 Jul 2014
Manage common offenses detected by QRadar SIEM
In a series of 4 videos, Jose Bravo shows you how to manage 11 of the most common security offenses detected by IBM Security QRadar SIEM. QRadar consolidates log source event data from thousands of devices, endpoints, and applications distributed throughout a network. It performs immediate normalization and correlation activities on raw data to distinguish real threats from false positives.
Articles 07 Jul 2014
Learn the QRadar API in six minutes
In this video, Jose Bravo demonstrates some common tasks on the QRadar web console and demonstrates how to perform the same tasks using the public QRadar REST API.
Also available in: Russian  
Articles 25 Jun 2014
Use Software Defined Networking to optimize your IaaS
Explore Software Defined Networking (SDN) network management via software abstraction layers as a method to enhance and optimize your Infrastructure as a Service in the areas of interoperability, user and provider expectation management, developer and administrator requirements, and effective risk mitigation.
Also available in: Chinese   Russian   Japanese  
Articles 24 Jun 2014
Streamline your organization's mobile application security testing program with IBM Security AppScan Source 9.0
Many applications today are written for mobile devices. These applications are developed and released at a rapid speed. Yet the security of many of these applications remains a major concern. AppScan Source 9.0 streamlines your organization’s mobile application security testing with the introduction of local mode, integration with IBM Worklight, and by expanding its support of the Mac platform.
Also available in: Russian  
Articles 17 Jun 2014
Scan your app to find and fix OWASP Top 10 2013 vulnerabilities
Today's modern web applications are more than a match for most desktop PC applications and continue to push boundaries by taking advantage of limitless cloud services. But more powerful web applications mean more complicated code, and the more complicated the code, the greater the risk of coding flaws that can lead to serious security vulnerabilities within the application. Web application vulnerabilities face exploitation by relentless malicious actors bent on profiteering from data theft or gaining online notoriety by causing mischief. This article looks at securing web applications by adopting industry best practices for application development, such as the OWASP Top 10, and by using web application vulnerability scanning tools, like IBM Rational AppScan.
Also available in: Russian  
Articles 17 Jun 2014
Securing FTP server on z/OS
This article describes how you can secure FTP on z/OS (FTPS) for server authentication using AT-TLS. The article also describes how to create AT-TLS policy using IBM Configuration Assistant for z/OS Communication Server and how to set up Policy Agent on z/OS.
Also available in: Russian  
Articles 04 Jun 2014
Make PaaS your vulnerability testing ground
Evaluate, integrate, and define various security testing concepts in differing scenarios. Explore a sample user PaaS testing environment structure as a basis for a security testing model.
Also available in: Chinese   Russian   Japanese  
Articles 03 Jun 2014
Build a front-end load balancer and failover reverse proxy with IBM Security Access Manager 8.0
Learn to configure the IBM Security Access Manager for Web 8.0 appliance as a front-end load balancer and cluster of reverse proxy servers to build a highly available, fault-tolerant, secure web environment.
Articles 30 May 2014
Understand the "Heartbleed" bug
Learn the technical details of the "Heartbleed" bug.
Articles 28 May 2014
Configure common use cases for IBM Security Access Manager for Mobile
This document gives readers an overview of a set of common use cases for the IBM Security Access Manager for Mobile Appliance, specifically focused on the use of OAuth and One Time Password authentication to deliver secure apps. It provides details on how to configure the appliance to support these use cases. The article describes the common pattern of mobile app user registration and access, and then details how to implement the business logic required to enable the scenario in the IBM Security Access Manager (ISAM) for Mobile product.
Articles 21 May 2014
AppScan 9.0 Standard Report Templates: Modifying reports with Microsoft Word
In this white paper you learn to export report templates from AppScan Standard, modify them with Microsoft Word, and import them back to AppScan Standard. This feature, new in Version 9.0, makes it easy to customize reports.
Articles 19 May 2014
What's the most trusted platform?
Learn some of the reasons why the IBM Mainframe is the most trusted platform.
Articles 12 May 2014
Whitepaper: Protecting your critical data with integrated security intelligence
Learn how an integrated approach for extending security intelligence with data security insights can help organizations prevent attacks, ensure compliance, and reduce the overall costs of security management.
Articles 06 May 2014
Whitepaper: IBM Cloud Security
This whitepaper discusses how with an IBM suite of intelligence solutions, cloud computing can be both attractive and secure. Learn about: The intelligence capabilities necessary for gaining visibility into, and control over, cloud security, advanced security intelligence solutions that can close security gaps, and the integrated IBM Security QRadar suite.
Articles 06 May 2014
Solution Brief: Safeguarding the Cloud with IBM Security Solutions
IBM Security solutions provide layered protection and deep insight across cloud environments. Read the solution brief to learn about: Issues in cloud security, solutions to implement cloud security, and cloud security intelligence.
Articles 06 May 2014
Listen to an introduction to security intelligence
Jose Bravo leads a chalk talk on security intelligence. He describes the ability of QRadar to incorporate context from a variety of IT systems, which gives it a best-in-class ability to filter billions of IT incidents to identify the top few to be addressed immediately.
Articles 05 May 2014
Create an application inventory with AppScan Enterprise
Learn how to build a centralized, authoritative inventory of all the applications in your enterprise and track their security posture and compliance status from IBM Security AppScan Enterprise.
Articles 28 Apr 2014
Watch QRadar Vulnerability Manager in action
Jose Bravo walks through some real-world scenarios for managing and prioritizing vulnerability remediation activities.
Articles 28 Apr 2014
Customizing TXSeries CICS external authentication, Part 1: Windows Active Directory
Part 1 of this two-part article provides an overview of IBM TXSeries for Multiplatforms and the requirements for authentication and authorization in an enterprise business solution. This article focuses on IBM TXSeries for Multiplatforms external authentication through Microsoft Active Directory. Sample External Authentication Manager (EAM) files, customized for use in conjunction with this article, are available for download. In this article, you configure CICS external authentication to work with different user registries. Part 2 will provide information on customizing IBM Security Access Manager for external authentication.
Also available in: Russian  
Articles 22 Apr 2014
Manage application security across the organization with IBM Security AppScan Enterprise
In this demonstration video, watch a real-world example of how to manage application security risk across an enterprise.
Articles 21 Apr 2014
Secure REST APIs with IBM Security Access Manager
In this white paper, you use the IBM Security Access Manager for Web application to filter a representational state transfer (REST) web services interface. REST uses the same interface as web pages, HTTP, so it can be inspected (to a degree) by using the same product.
Articles 21 Apr 2014
Watch IBM Security Privileged Identity Manager issue credentials
Watch this security demo video to see a real-world example of a privileged user requesting access to a system, receiving an issued credential, using it for access, and checking it back in.
Also available in: Russian  
Articles 15 Apr 2014
Manage personnel access with the IBM Security Identity Manager Service Center
See how managers can use the IBM Security Identity Manager Service Center to manage their employees' access rights and permissions.
Articles 14 Apr 2014
Create resilient AccessProfiles for IBM Security Access Manager for Enterprise Single Sign-On
The state machine editor in the AccessStudio advanced mode is a flexible tool for creating advanced AccessProfiles for IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO). The profiles enable developers to implement single sign-on (SSO) automation workflows for a wide variety of applications. Most applications have similar design rules for page flows related to sign-on automation, such as login or change password pages, so it makes sense to check all sign-on automation workflows that are based on these common rules. This best practices guide introduces a set of common page flow diagrams and design rules to consider to ensure that your advanced AccessProfile state machine covers all sign-on automation workflows.
Articles 14 Apr 2014
Learn about Security Access Manager for Mobile
This demonstration video shows three advanced authorization scenarios using IBM Security Access Manager for Mobile and WorkLight.
Articles 08 Apr 2014
Using WebSphere Cast Iron Studio PGP activity with external PGP utilities
The CryptoService Activity introduced in WebSphere Cast Iron 7.0 lets you encrypt and decrypt content with PGP. While it is possible to decrypt the content encrypted by Cast Iron in the application itself, there are times when a user might want to encrypt content in Cast Iron but decrypt it in an external tool or vice versa. This article focuses on these interoperability concerns.
Also available in: Russian  
Articles 08 Apr 2014
Watch IBM Security Privileged Identity Manager issue credentials
Watch this security demo video to see a real-world example of a privileged user requesting access to a system, receiving an issued credential, using it for access, and checking it back in.
Articles 08 Apr 2014
Adapt the IBM Global Security Kit for Suite B and FIPS compliance
Get detailed configuration options for both the native code and Java versions of the IBM Global Security Kit (GSKit) utilities in this white paper by Oktawian Powązka. Also, learn to configure and use the utilities to be as FIPS and Suite B compliant as possible.
Articles 01 Apr 2014
Watch IBM Security Access Manager for Enterprise Single Sign-On on an iPad
This demonstration video shows IBM Security Access Manager for Enterprise Single Sign-On protecting an Apple iPad.
Articles 01 Apr 2014
Prevent cross-site request forgery: Know the hidden danger in your browser tabs
Explore two strategies to help prevent cross-site request forgery attacks as you review a detailed, step-by-step cross-site request forgery attack scenario. Also, look at some issues for scanning tools as they try to find cross-site request forgery vulnerabilities.
Also available in: Chinese   Russian   Japanese  
Articles 25 Mar 2014
Integrating Samba with IBM Security Directory Server
IBM Security Directory Server can provide a unified login or single-user login for Linux and Windows clients and transparently provide access to a user's home directory through file sharing.
Also available in: Russian  
Articles 18 Mar 2014
