Filter by products, topics, and types of content

(28 Products)

(79 Topics)

(3 Industries)

(7 Types)

1 - 28 of 28 results
Show Summaries | Hide Summaries
View Results
Title none Type none Date none
Improve application scanning efficiency with IBM Security AppScan
In this security community white paper, Ori Pomerantz demonstrates how to filter the pages scanned by AppScan Standard (or Enterprise) to avoid scanning different versions of the same page when they are distinguished by parameter values.
Articles 22 Jul 2014
Find cross-site scripting errors in your Bluemix application with AppScan Dynamic Analyzer
In this short demo video, Ori Pomerantz shows a Bluemix application that has a cross-site scripting error in it. Then he shows how to add the AppScan Dynamic Analyzer service to the application and run a scan. He shows that the scan report detects the cross-site scripting error and provides guidance on how to fix it.
Articles 06 May 2015
Secure REST APIs with IBM Security Access Manager
In this white paper, you use the IBM Security Access Manager for Web application to filter a representational state transfer (REST) web services interface. REST uses the same interface as web pages, HTTP, so it can be inspected (to a degree) by using the same product.
Articles 21 Apr 2014
AppScan 9.0 Standard Report Templates: Modifying reports with Microsoft Word
In this white paper you learn to export report templates from AppScan Standard, modify them with Microsoft Word, and import them back to AppScan Standard. This feature, new in Version 9.0, makes it easy to customize reports.
Articles 19 May 2014
Identifying and preventing threats to your IoT devices
Internet of Things (IoT) devices are often placed in insecure locations and communicate through insecure networks. In this article, you learn what the main threats to IoT devices are and some ideas about how to deal with them.
Also available in: Chinese   Japanese  
Articles 08 Jun 2017
Manage account approval in an OpenWhisk application
This tutorial shows you how to write an application that allows users to self register, and then have their accounts approved or declined by an administrator.
Tutorial 26 Oct 2017
Configure your Bluemix Node.js authorization proxy to communicate with the user
In this article, you learn how a mostly transparent proxy can produce pop-up messages to communicate with the user. You send the user a small script that asks the proxy every second if there are any messages for it. When it gets a message, it covers the screen until the message is acknowledged. Using this technique, an authorization proxy can inform the user when an attempted action is unauthorized, and how to get authorization for it.
Articles 11 Jul 2016
Add your own authorization proxy to a third-party app
In this article, you learn how to use Bluemix Node.js to create an authorization proxy. This proxy can then perform authorization checks that are not supported by an original application, which might be a third-party app.
Articles 03 Jun 2016
Use Active Directory for authentication and authorization in your Node.js Bluemix application
In this article, you learn how to use your existing Microsoft Active Directory infrastructure to provide authentication and authorization decisions to your Node.js Bluemix application. Editor's note: This article has been archived due to outdated tech or methodologies. Please refer to updates to this article in "Use LDAP and Active Directory to authenticate Node.js users."
Also available in: Chinese  
Tutorial 17 Dec 2015
Are you under attack? Detect attacks against Node.js applications
In this tutorial, you learn how to detect when your IBM Bluemix Node.js web application is being scanned and attacked.
Also available in: Chinese  
Articles 14 Dec 2015
Use LDAP and Active Directory to authenticate Node.js users
If you already have an internal IT infrastructure, it quite likely contains an LDAP server (possibly Active Directory, acting as an LDAP server) to serve user identities. In many cases, it is best to continue to use that directory, even when your application sits in IBM Cloud. In this tutorial, I show you how to authenticate users.
Also available in: Chinese  
Tutorial 07 Feb 2018
Manage security alerts with IBM DevOps Track & Plan
Track & Plan is predominately used during application development. However, it can also be used by the applications to inform the administrator when they are under attack. In this tutorial, you learn the coding to make this happen.
Also available in: Chinese   Japanese   Portuguese   Spanish  
Articles 23 Nov 2015
Put Bluemix AppScan results into Bluemix Track & Plan
Scan a Bluemix application by using the AppScan Dynamic Analyzer, and then send the scan results to the Track & Plan defect tracking service.
Also available in: Chinese   Japanese  
Articles 27 Jul 2015
Interpret your syslog files with the Bluemix Time Series Database
In this article, I show you how to upload, parse, and store the information from a UNIX syslog file in the Bluemix Time Series Database. I also show you how to use queries on that database to create a dashboard to present the information from that file graphically.
Also available in: Chinese  
Articles 14 Apr 2016
Verify server certificates in a Node.js Bluemix application
Applications often need to communicate with remote servers and exchange information with them. However, with the use of remote servers comes the risk of masquerading. Attackers can pretend to be the legitimate partners and steal or falsify information. In this article, you learn how to use certificates from within your Node.js application that is running in Bluemix to prevent such masquerading.
Also available in: Chinese   Japanese  
Articles 05 Nov 2015
Manage account approval in a Node.js Bluemix application
Learn how to write an application that allows users to self register, then have their accounts approved or declined by an administrator.
Also available in: Chinese   Japanese  
Articles 20 Oct 2015
Add Google reCAPTCHA to your Bluemix Node.js application
Some attacks rely on creating a large number of disposable accounts automatically. In this article, you learn how to use the Google reCAPTCHA service to require human intervention to ensure that there is a human in the loop.
Also available in: Chinese  
Articles 03 Mar 2016
Secure your environment with smart locks, Part 1: Build a smart lock for a disconnected environment
Learn how to build a smart lock with a NodeMCU board. In this tutorial, you learn how to create a web server to control the lock from a browser and how to use single use passwords to authenticate to a device that does not have an internet connection.
Also available in: Chinese  
Articles 18 Sep 2017
Import users from an LDAP directory to IBM Security Access Manager
Systems administrators frequently need a way to import existing user accounts from an LDAP repository into IBM Security Access Manager. In this article, get started with an import script written in Python that you can use to read users in an LDAP repository, then import them using the IBM Security Access Manager pdadmin command.
Also available in: Russian  
Articles 15 Oct 2013
Use the REST API to control the IBM Security Web Gateway AMP 5100
In this article, you will learn how to use the REST web services interface to control an instance of the IBM Security Access Manager for Web appliance (which can be the physical appliance or a virtual one).
Articles 18 Mar 2014
Configure multifactor authentication for Bluemix Node.js applications
Passwords are not a complete security solution; they can be stolen or shared. In this tutorial, you learn how to use a random string delivered by email as a second authentication factor. I also discuss several methods for risk analysis, which is used by the application to decide whether a second factor is warranted.
Also available in: Chinese   Japanese  
Articles 27 Oct 2017
Create a security-based and machine-learning front end
In this article, you learn how to create a security front end that automatically learns the proper format for application inputs. With this information, the front end can identify abnormal input, which can then be blocked or cause an alert.
Also available in: Chinese   Japanese  
Articles 12 Apr 2017
Authorize with a Cloudant proxy
It is sometimes useful to have more granular access controls on a database than the controls that are provided by Cloudant. In this tutorial, you learn how to create a Cloudant proxy that is under your control. Using such a proxy, you can implement the appropriate authorization model to the system.
Also available in: Chinese  
Tutorial 06 Dec 2017
Use business rules as an authorization engine
Authorization policies in web-based applications are not only complicated, but also dynamic. If you implement those policies in the source code of the application, you must change it every time the policy changes. This article shows you how to use a business rule engine, Nools, to make authorization decisions in a Node.js application. This allows the security policy to be stored as an object, and edited with a simple Angular-based user interface.
Also available in: Chinese   Russian   Japanese  
Articles 16 Jun 2015
Add red flags to risk-based access weights in IBM Security Access Manager
Learn how configure IBM Security Access Manager to combine the new risk-based access algorithm, which uses weights for different factors, with a "red flag" approach that specifies that particular values are suspicious regardless of what other fields show.
Articles 19 Nov 2013
Securing a Raspberry Pi embedded in your IoT device
Learn how to write scripts to define and enforce usage patterns to secure a Raspberry Pi embedded in your IoT device.
Articles 17 May 2017
Secure your environment with smart locks, Part 2: Build a smart lock for a connected environment
Learn how to extend the smart lock you built in Part 1 of this series. In this tutorial, you learn how to connect a NodeMCU board to an electric lock, and use a simple cloud-based IoT app to open or close the lock.
Also available in: Chinese  
Tutorial 18 Sep 2017
Build new adapters for IBM Security Identity Manager
Build an LDAP server adapter for IBM Security Identity Manager, then use it to provision user accounts on a test service. You'll need a new adapter anytime you want to connect IBM Security Identity Manager with an unsupported application or service, including custom applications. In this article, get step-by-step instructions for building a simulated LDAP server adapter with IBM Tivoli Directory Integrator. After you've got your new LDAP server adapter up and running, practice using it to add, reconcile, delete, and modify user accounts between IBM Security Identity Manager and a test service.
Articles 04 Nov 2013
1 - 28 of 28 results
Show Summaries | Hide Summaries