The top ten security articles you need to read
The security editor shares her top resources
We are currently in a time when it seems like a majority of what we do and depend on is reliant on the Internet, whether it be IoT devices, using our mobile devices to conduct business and connect with social media, streaming the latest shows...the list goes on. With entertainment, work, and connecting with others so readily at our fingertips (literally), it also means that our devices and our data are much more vulnerable to constant attacks and threats, since sophistication of malware is at its peak.
If you're in the US, you might be aware that October is National Cyber Security Awareness Month. With all of the security events that happened in this year alone, this is a great reminder that there's no such thing as being too secure when it comes to writing secure code, limiting entry points, and more—effectively equipping yourself with the tools you need to prevent future threats (or in the very least, preparing for the aftermath of a threat).
In this article, I compile something for everyone, whether you're a developer, an administrator, or even just someone who's interested in how security vulnerabilities occur and what can be done about it, this list covers all of this and more. I compile a list of great resources that you should keep in your arsenal. So, in honor of Cyber Security Awareness Month, let's get started!
The biggest threats from this year were splashed all across the news: WannaCry, Petya, and NotPetya. And as of October 24, a new threat called Bad Rabbit was reported in Europe and Asia. They all had one thing in common: Ransomware. This rise in ransomware is alarming to note, not only because of the sheer amount of data that is essentially being held hostage, but the fact that businesses and enterprises have the difficult choice of either paying their 'kidnappers' to get their systems back online and getting their data back, knowing full well the data they get back may still be compromised. Their other choice, the recommended one, is to utilize your disaster recover plan, getting systems and data back online from backed up data.
The top ten articles you need to read now
OWASP top vulnerabilities
As of October 26, 2017, the proposed list for 2017 is in its second version, Release Candidate 2. Read the full RC2 list here: https://www.owasp.org/images/b/b0/OWASP_Top_10_2017_RC2_Final.pdf
However, until RC2 has been fully accepted, it's worth it to take a look at the last time OWASP accepted the top ten list back in 2013. The vulnerabilities and risks are definitely worth knowing and are still valid as top threats.
Building distributed applications with ZeroMQ
Going hybrid is one of the ways in which you can stay above the ransomware threats. However, the cloud presents a common issue, which is how to effectively send and receive messages across your network efficiently and securely. Read this first article to get to know how a C library can act as an MQ.
Scan your app to find and fix OWASP Top 10 2013 vulnerabilities
Though you see "2013," this is another great article you need to read as it discusses code scanning. If you can effectively scan across your code along with monitoring and encryption, you have a huge advantage over stopping a breach in its tracks.
Secure and protect Cassandra databases with IBM Security Guardium
If you're using an Apache Cassandra database, it's worth it to check out this informative article. Even if you're not using Cassandra or Guardium, this article is full of information on one of the number one threats: Privileged users.
Identifying and preventing threats to your IoT devices
From authentication, including certificate-based authentication, to authorization, to application ID validation—this three-part series is all about that IoT security. Developers face new challenges to make sure that IoT applications are sufficiently secure because these applications handle a lot of sensitive data, so the focus must be on building security into IoT applications when developers design and implement such solutions. Take a look at this first article to get an overview of IoT security basics.
Gain confidence about data security in the cloud
There's so much debate over whether moving to the hybrid cloud and its benefits outweigh staying onsite. Though a few years passed since the article was initially written, the author assuages any fears you might have about making the plunge to go to the public cloud or hybrid cloud. Take note of compliance being mentioned. Compliance is going to be a huge security topic, come May 2018 when the General Data Protection Regulation (GDPR) becomes enforceable.
Set up a secure hybrid cloud environment with Bluemix
This article is part of a larger series that's really worth the read. From a security standpoint, this article walks you through on how you can build a secure hybrid cloud, since applications that run in a public cloud with access from the Internet are still exposed to security risks.
Connect your Docker container to enterprise services with the Bluemix Secure Gateway
Hey Docker and container enthusiasts, here's one just for you. If you're constantly hearing about how you shouldn't be using a container and how it's just not as secure, read this step-by-step guide on how you can use Bluemix's Secure Gateway service for your Docker container. It's straightforward and dives right into the steps.
Top 6 technical advantages of Hyperledger Fabric for blockchain networks
With its evergrowing presence and its transparency, banks are moving towards blockchain. Blockchain can deter ransomware hackers and could be the key to stopping ransomware attacks. I should also note that we have a Dev Center dedicated to helping you learn and develop with blockchain. Check it out here: https://developer.ibm.com/blockchain/
Securely connect your private VMware workloads in the IBM Cloud
This article came out right when IBM and VMware® announced this exciting partnership, where both companies are announcing new solutions. IBM is launching network control and visibility solutions from F5 Networks and Fortinet, so that enterprises can continue to extend their VMware environments, as they are, to the public cloud.
Other resources you need to check out (and bookmark!)
- Subscribe to the Security newsletter and get all the latest in events, news, and content.
- Read the latest security tutorials and articles on the developerWorks hub.
- Find out about security events, podcasts, and webinars on Security Intelligence.
- See the full security capabilities that IBM Cloud has to offer and sign up for your free trial now.
- Join the security community and interact with other security-minded individuals.
- Take courses and experiment with hands-on labs with the Security Learning Academy.
So there you have it, my top ten picks on the topic of security. Hopefully you were able to get something from this list. Obviously, having fool-proof code and a great immune system are things everyone knows about and tries to implement. But it's important to know that security is never static and is always ever-changing. Hackers are working tirelessly to disrupt and wreak havoc, so it's up to you to know what the recent trends or attacks are and how you prepare for a possible attack.