InfoQ Homepage Encryption Content on InfoQ
Articles
RSS Feed-
Beyond the Padlock: Why Certificate Transparency is Reshaping Internet Trust
Certificate Transparency (CT) creates public, append-only logs of every TLS certificate issued, enabling detection of rogue or mistaken certificates. This article explores how CT has transformed internet PKI by moving from reliance on certificate authority trustworthiness to providing verifiable transparency that major browsers now require.
on Sep 08, 2025 -
Securing Cell-Based Architecture in Modern Applications
Securing cell-based architecture is essential to fully capitalize on its benefits while minimizing risks. To achieve this, comprehensive security measures must be put in place. Organizations can start by isolating and containing cells using sandbox environments and strict access control mechanisms like role-based and attribute-based access control.
on Oct 28, 2024 -
Who Moved My Code? An Anatomy of Code Obfuscation
In this article, we introduce the topic of code obfuscation, with emphasis on string obfuscation. Obfuscation is an important practice to protect source code by making it unintelligible. Obfuscation is often mistaken with encryption, but they are different concepts. In the article we will present a number of techniques and approaches used to obfuscate data in a program.
on Nov 09, 2022 -
The Next Evolution of the Database Sharding Architecture
In this article, author Juan Pan discusses the data sharding architecture patterns in a distributed database system. She explains how Apache ShardingSphere project solves the data sharding challenges. Also discussed are two practical examples of how to create a distributed database and an encrypted table with DistSQL.
on Jan 12, 2022 -
How to Use Encryption for Defense in Depth in Native and Browser Apps
Isaac Potoczny-Jones discusses the pros and cons of application-layer encryption. He covers the attack surface of application-layer encryption in the browser, how it is very different from native clients, and how WebCrypto helps.
on May 13, 2020 -
Cloud Data Auditing Techniques with a Focus on Privacy and Security
The authors provide a guide to the current literature regarding comprehensive auditing methodologies. They not only identify and categorize the different approaches to cloud data integrity and privacy but also compare and analyze their relative merits. For example, their research lists the strengths and weaknesses of earlier work on cloud auditing, which allows researchers to design new methods.
on Jul 30, 2017 -
Securing the Modern Software Delivery Lifecycle
Information security practice has evolved to be pretty good at granting and managing access to confidential information - by people. But automation is taking over, requiring a shift in how we think about securing our infrastructure and applications.
on Feb 27, 2016 -
Answering Common Cloud Security Questions from CIOs
With the news stories of possible data breaches at enterprises like Target, and the current trend of companies migrating to cloud environments for the flexibility, scalability, agility, and cost-effectiveness they offer, CIOs have been asking hard questions about cloud security.
on Feb 12, 2014 -
Keeping Your Secrets
Dennis Sosnoski explains how supposedly-secure connections can be downgraded to the point where they are easily broken and how even at full strength most forms of encryption are vulnerable to data capture and later decryption if your private keys are exposed. In this article you'll learn some ways of making it more difficult for anyone to see or alter your data exchanges.
on Sep 30, 2013 -
Automating Data Protection Across the Enterprise
This article builds on the foundational Regulatory Compliant Cloud Computing (RC3) architecture for application security in the cloud by defining a Data Encryption Infrastructure(DEI) which is not application specific. DEI encompasses technology components and an application architecture that governs the protection of sensitive data within an enterprise.
on Feb 07, 2013