Category: DZone Security Zone

When organizations handle sensitive information, ensuring its security and maintaining compliance are paramount. Two key frameworks in this domain are ISO 27001 and SOC 2. While they share common goals, they differ significantly in their approach, scope, and purpose. Here’s…

Read more →

Do we really need to break text into tokens, or could we work directly with raw bytes? First, let’s think about how do LLMs currently handle text. They first chop it up into chunks called tokens using rules about common…

Read more →

Today, automated bot traffic creates a very costly and complex challenge for organizations in the modern digital environment. The traditional defenses present the platform operators with a paradox: the very methods effective in keeping the bots away frustrate legitimate users,…

Read more →

Traditional internal developer platforms (IDPs) have transformed how organizations manage code and infrastructure. By standardizing workflows through tools like CI/CD pipelines and Infrastructure as Code (IaC), these platforms have enabled rapid deployments, reduced manual errors, and improved developer experience. However,…

Read more →

Data breaches cost organizations an average of $4.45 million in 2023. This shows how secure data processing is becoming more crucial by the day, and the challenge grows more complex with sensitive information in cloud environments. AWS enclave technology solves…

Read more →

Artificial intelligence (AI) has transformed industries by driving innovation and efficiency across sectors. However, its rapid adoption has also exposed vulnerabilities that bad actors can exploit, making security a paramount concern. This article talks about the challenges and strategies to…

Read more →

The industry’s increasing focus on secure container images is undeniable. Companies like Chainguard — specializing in delivering container images free of CVEs — have demonstrated the demand by recently raising an impressive $140 million at a $1.1 billion valuation. In…

Read more →

In today’s digital era, cybersecurity is a cornerstone of maintaining trust and reliability in cloud operations. A managed threat detection service by AWS, like Amazon GuardDuty, can help secure your environment by analyzing activity and identifying potential risks. This hands-on…

Read more →

What Is AI Data Governance? Artificial Intelligence (AI) governance refers to the frameworks, policies, and ethical standards that guide AI technologies’ development, deployment, and management. It encompasses a range of considerations, such as data privacy, algorithmic transparency, accountability, and fairness…

Read more →

Security comes down to trust. In DevOps and our applications, it really is a question of “should this entity be allowed to do that action?” In an earlier time in IT, we could assume that if something was inside a…

Read more →

The primary inspiration for this article was my feeling that unfortunately, IT and Cyber too often work in silos — with security constraints often poorly addressed or insufficiently shared. It was also inspired by meetings with people working in Cyber,…

Read more →

With organizations shifting at a rapid pace to the cloud, securing the infrastructure is of paramount importance in their list of priorities. Even though AWS provides a varied set of tools and services related to security and compliance. There are…

Read more →

In the IoT world, security is one of the biggest challenges. When you’re connecting multiple devices together over a network, various doors are left ajar to security threats, along with an increase in the number of doors themselves that open…

Read more →

This article was written using Ballerina Swan Lake Update 10.0 (2201.10.0) but is expected to remain compatible with newer versions. DocuSign is a leading digital transaction management platform that allows users to sign, send, and manage documents securely and efficiently.…

Read more →

Cloud computing has become one of the core building blocks for modern software development. It underpins scalable web applications and forms a foundation for national infrastructure. In turn, as more enterprises and organizations adopt the cloud, the increased efficiency and…

Read more →

The museum of old and new architectures I am involved with forced me to look into safeguarding them. For instance, an old dependency can turn CVE or a solid open-source project can go commercial. This is where the concept of…

Read more →

Data governance refers to the policies and processes that ensure the management, integrity, and security of organizational data. Traditional frameworks like DAMA-DMBOK and COBIT focus on structured data management and standardizing processes (Otto, 2011). These frameworks are foundational in managing…

Read more →

Organizations face the growing challenge of managing, protecting, and governing data across diverse environments. As data flows through hybrid cloud systems, multi-cloud environments, and on-premises infrastructures, maintaining a cohesive, secure data ecosystem has become a complicated and daunting affair.  A…

Read more →

Mobile applications have become indispensable across industries, from banking to healthcare. However, their rapid growth has led to an equally fast increase in security threats. The problem lies in the increasing sophistication of attacks on mobile platforms, the rising volume…

Read more →

As enterprises expand their software development practices and scale their DevOps pipelines, effective management of continuous integration (CI) and continuous deployment (CD) processes becomes increasingly important. GitHub, as one of the most widely used source control platforms, plays a central…

Read more →

2025 is knocking on the door, and software development is changing at a rapid pace due to advanced technologies. Tech advancements like AI have transformed how developers create, deploy, and scale software. To stay ahead of the curve, developers need…

Read more →

Classic Case 1 Many software professionals lack in-depth knowledge of TCP/IP logic reasoning, which often leads to misidentifying problems as mysterious problems. Some are discouraged by the complexity of TCP/IP networking literature, while others are misled by confusing details in…

Read more →

Ephemeral containers in Kubernetes are a powerful feature that allows operators to debug and troubleshoot running Pods by creating short-lived containers within the same Pod. This is particularly helpful for issues that cannot be replicated in a separate environment. By…

Read more →

Creating a video-sharing application like YouTube is not just about front-end design and data storage; you need to have secure dynamic control over what users can see and do. With Svelte.js handling the interface and Firebase supporting backend functionalities, integrating…

Read more →

As cloud adoption continues to accelerate, securing sensitive data while complying with regulations like GDPR (General Data Protection Regulation), CCPA (California Consumer Privacy Act), and HIPAA (Health Insurance Portability and Accountability Act) is paramount. The flexibility and scalability that cloud environments offer also…

Read more →

As we move away from using Postman, many of us are transitioning to Insomnia for API testing. In this article, I will share how I’ve set up Insomnia to streamline my own workflow. While Insomnia offers a wide range of…

Read more →

Understanding DuckDB for Data Privacy and Security Data privacy and security have become critical for all organizations across the globe. Organizations often need to identify, mask, or remove sensitive information from their datasets while maintaining data utility. This article explores…

Read more →

In the rapidly evolving field of Incident Response (IR), prompt engineering has become an essential skill that leverages AI to streamline processes, enhance response times, and provide deeper insights into threats. By creating precise and targeted prompts, IR teams can…

Read more →

Automated API testing offers multiple benefits, including speeding up the testing lifecycle and providing faster feedback. It helps in enhancing the efficiency of the APIs and allows teams to deliver the new features speedily to the market. There are multiple…

Read more →

In today’s enterprise landscape, containerization has become almost synonymous with modern application deployment. However, with containers handling sensitive data and critical business operations, security should be carefully considered and implemented. I’ve spent years securing containerized applications in the financial sector,…

Read more →

As artificial intelligence (AI) continues to revolutionize industries, its role in critical applications continues to grow exponentially. With all this innovation comes a growing concern — how do we keep AI systems secure? Unlike traditional applications, AI deals with highly…

Read more →

In the hustle to deliver value, development teams can unknowingly create software architectures that hinder their long-term progress. Initially, everything seems fine — features are shipping, continuous integration (CI) jobs are passing, and the product actually works. Yet, beneath the…

Read more →

Generative Artificial Intelligence (GenAI) adoption is picking up pace. According to McKinsey, the rate of implementation has doubled compared to just ten months prior, with 65 percent of respondents saying their companies regularly use GenAI. The promise of disruptive impact…

Read more →

OneLake in Microsoft Fabric aims to provide an enterprise with a consolidated analytical approach by developing its data and tools into one logical base. OneLake, which is automatically available across all Microsoft Fabric tenants, enables users to manage large volumes…

Read more →

Cloud IaaS providers like AWS, Azure, OCI, and GCP operate on a shared responsibility model. While they secure the underlying infrastructure, You, as a customer, are responsible for protecting data, applications, and access management. The rapid adoption of cloud services…

Read more →

As Kubernetes continues to gain traction in the realm of container orchestration, ensuring the security of container images has become paramount. Two prominent tools that focus on securing the software supply chain in Kubernetes environments are Cosign and Connaisseur. While…

Read more →

Microservices architecture has reshaped the way we design and build software, emphasizing scalability, maintainability, and agility. Two frameworks, Dropwizard and Micronaut, have gained prominence in the microservices ecosystem, each offering unique features to simplify and optimize development. In this article,…

Read more →

APIs play a critical role in web applications in the modern digital world. They are the means by which diverse components of the software talk to each other and effectively communicate. Thus, with the growing use of APIs, new kinds…

Read more →

Being a backend developer and having worked for years in the jungle of authentication and identity management, I can attest to the fact that implementing seamless SSO is often way more complex than it seems. I have witnessed how organizations…

Read more →

NodeJS is a very popular platform for building backend services and creating API endpoints. Several large companies use NodeJS in their microservices tech stack, which makes it a very useful platform to learn and know, similar to other popular languages…

Read more →

Kubernetes is not new and has been a de-facto standard of deployments and CI/CD at most companies for a while. The goal of this article is to make you familiar with all the terms and jargon that Kubernetes experts use,…

Read more →

In today’s fast-paced development environment, containerized applications have become the go-to solution for many organizations. They offer scalability, portability, and efficiency. However, containerized environments also bring their own set of challenges, particularly when it comes to security vulnerabilities. One of…

Read more →

What Is Data Governance, and How Do Glossaries, Catalogs, and Lineage Strengthen It? Data governance is a framework that is developed through the collaboration of individuals with various roles and responsibilities. This framework aims to establish processes, policies, procedures, standards,…

Read more →

The rapidly evolving cybersecurity landscape presents an array of challenges for businesses of all sizes across all industries. The constant emergence of new cyber threats, including those now powered by AI, is overwhelming current security models. A 2023 study by…

Read more →

(Note: A list of links for all articles in this series can be found at the conclusion of this article.) In Part 4 of this multi-part series on continuous compliance, we presented designs for Compliance Policy Administration Centers (CPAC) which…

Read more →

As someone who has worked in various areas of Azure for almost a decade, I have witnessed its constant evolution and the rise of increasingly sophisticated security risks. This calls for a unified approach to modern cloud security, where integrating…

Read more →

Continuous Integration and Continuous Deployment (CI/CD) pipelines are crucial for modern software development. This article explores advanced techniques to optimize these pipelines, enhancing efficiency and reliability for enterprise-level operations. Parallelization Using Matrix Builds GitHub Actions CI tests using the matrix…

Read more →

In Oracle, the AUTHID clause is a powerful option to manage DB security and access control. It defines who is considered a current user for execution purposes within stored procedures and functions. This article explores the basics of AUTHID, different…

Read more →

According to the Thales 2024 Cloud Security Study, 31% of cyberattacks prioritize SaaS applications, followed closely by 30% targeting cloud storage and 26% aimed at cloud management infrastructure. Cloud resources have become the prime targets for hackers — no surprise,…

Read more →

In this article, I aim to discuss modern approaches used to reduce the time required to establish a data transmission channel between two nodes. I will be examining both plain TCP and TLS-over-TCP.  What Is a Handshake? First, let’s define…

Read more →

“Never trust, always verify.” This key principle has been ingrained into the cybersecurity lexicon since Forrester first popularized the concept of zero trust in 2009. Since then, zero trust has emerged as one of the most important frameworks in modern…

Read more →

In this tutorial, we’ll explore implementing a second-level cache in Hibernate using NCache. We’ll set up a Java application with Hibernate. Then we’ll configure NCache as the second-level cache. Finally, we’ll test the implementation to see how caching reduces the…

Read more →

It is common for microservice systems to run more than one instance of each service. This is needed to enforce resiliency. It is therefore important to distribute the load between those instances. The component that does this is the load…

Read more →

The venerable Raspberry Pi has been around for over a decade (officially created in 2009) and it has become a standard in many robotics, home automation, and other types of uses, especially for “makers” and other tinkerers. But it has…

Read more →

The venerable Raspberry Pi has been around for over a decade (officially created in 2009) and it has become a standard in many robotics, home automation, and other types of uses, especially for “makers” and other tinkerers. But it has…

Read more →

When we talk about security in cloud-native applications, broken access control remains one of the most dangerous vulnerabilities. The OWASP Top 10 lists it as the most prevalent security risk today, and for good reason: the impact of mismanaged permissions…

Read more →

In environments with AWS Cloud workloads, a proactive approach to vulnerability management involves shifting from traditional patching to regularly deploying updated Secure Golden Images. This approach is well-suited to a modern Continuous Integration and Continuous Delivery (CI/CD) environment, where the…

Read more →

AI-powered code completion tools like GitHub Copilot, co-developed by GitHub and OpenAI, likely need no introduction. Developers are rapidly embracing this evolving technology to aid them in their work. Copilot and other Large Language Model (LLM) based coding assistants suggest…

Read more →

This will be my last entry on the topic for a while. For context, I introduced the idea that folks don’t care about security, they care about outcomes in this post; and then I began exploring ways we, as IT…

Read more →

Securing sensitive information is more critical than ever. One of the key defenses in data protection is data at rest encryption, a method that safeguards information stored on devices such as hard drives, databases, and servers. Unlike data in transit,…

Read more →

Oracle CloudWorld 2024 showcased a range of innovations and strategic shifts that will significantly impact the work of developers, engineers, and architects across industries. From AI integrations to multi-cloud strategies, Oracle is positioning itself as a key enabler of digital…

Read more →

As financial services become increasingly digitized, the need for robust operational resilience has grown more critical. The Digital Operational Resilience Act (DORA), set to take effect on January 17, 2025, aims to establish a unified framework for Information and Communication…

Read more →

In the first part of this series, we set up a Mule app and a Salesforce Connected app for the OAuth JWT bearer token flow. In this second part, we’ll go through the required steps to set up mutual TLS…

Read more →

If you grew up in the US, chances are you have a memory of going to summer camp. Even if you didn’t attend one yourself, the camp experience of going away from home, learning all sorts of arts and crafts,…

Read more →

With the rapid development of Internet technology, server-side architectures have become increasingly complex. It is now difficult to rely solely on the personal experience of developers or testers to cover all possible business scenarios. Therefore, real online traffic is crucial…

Read more →

We’re going to set out on a mind-blowing tour around network security. Upon considering the nearness and risk posed by cyber threats in this epoch, it is important to prevent the threats so that they do not cause irreversible damage…

Read more →

Security is a top priority of every company. It’s not surprising: source code, the most critical asset of any organization, should be under reliable protection — especially in view of constantly rising threats. Ransomware, infrastructure outages, vulnerabilities, and other threats…

Read more →

In my last post, I discussed the issue of getting people to care about security, and how it’s largely due to a focus on security behaviors rather than security outcomes. In this post, I’m picking up where I left off,…

Read more →

The time for rapid technology development and cloud computing is perhaps the most sensitive time when security issues are of great importance. It is here that security will have to be injected into a process right from the beginning —…

Read more →

Secrets are the keys to manage and enhance the security of a software application. Secret keys play a pivotal role in the authentication, authorization, encryption/decryption, etc. of data flowing through the application. There are various types of secrets and few…

Read more →

In this blog, you will learn how to get started with jOOQ, Liquibase, and Testcontainers. You will create a basic Spring Boot application and integrate the aforementioned techniques including a test setup. Furthermore, you will use Spring Boot Docker Compose…

Read more →

Kong Gateway is an open-source API gateway that ensures only the right requests get in while managing security, rate limiting, logging, and more. OPA (Open Policy Agent) is an open-source policy engine that takes control of your security and access…

Read more →

Developers may be aware of the lifecycle of service instances when using dependency injection, but many don’t fully grasp how it works. You can find numerous articles online that clarify these concepts, but they often just reiterate definitions that you…

Read more →

AI/ML tools and technologies heavily influence the modern digital landscape by introducing numerous use cases involving AI-based malware detection, preventing social engineering attacks, and threat identification and remediation. Many organizations have acknowledged AI/ML’s prominence in the cybersecurity threat landscape and…

Read more →

These days, it’s challenging to imagine systems that have public API endpoints without TLS certificate protection. There are several ways to issue certificates: Paid wildcard certificates that can be bought from any big TLS provider Paid root certificates that sign…

Read more →

Ever since people started putting their money into banks and financial institutions, other people have sought to steal those deposits or otherwise fraudulently obtain those protected assets. When someone asked infamous 1920s-era bank robber Willie Sutton why he robbed banks,…

Read more →

When developing an enterprise system — whether it is a completely new system or simply the addition of a new feature — it is not uncommon to need to retrieve a significant volume of records (a few hundred or even…

Read more →

The introduction of software has made remarkable changes to how business is conducted. “Back then,” people would meet in person, and most companies used manual methods, which were not scalable. Software has changed the game, and web applications are essential…

Read more →

Editor’s Note: The following is an article written for and published in DZone’s 2024 Trend Report, Kubernetes in the Enterprise: Once Decade-Defining, Now Forging a Future in the SDLC. Kubernetes is driving the future of cloud computing, but its security challenges…

Read more →

What Is Network Sniffing? Sniffing includes the passive interception of data packets crossing a network with further analysis. Initially, sniffing was developed to help network administrators troubleshoot connectivity problems, and since then, it has evolved into an important technique of…

Read more →

From a Java perspective, I’ve been the beneficiary of some pretty amazing features over the years: Generics (Java 5) Streams and Lambda Expressions (Java 8) Enhanced Collection Functionality (Java 9) Sealed Classes (Java 17) As key features become available, I’ve…

Read more →

As cloud networks continue to expand, security concerns become increasingly complex, making it critical to ensure robust protection without sacrificing performance. One key solution organizations use to achieve this balance is the deployment of Next-Generation Firewalls (NGFWs), which play an…

Read more →

In recent years, there has been a significant surge in the adoption of artificial intelligence (AI) and machine learning (ML) technologies across a wide range of industries. Frameworks such as TensorFlow, PyTorch, and Scikit-learn have emerged as popular choices for…

Read more →

In a world where cyber threats are just one click away (or just one QR code scan away), the old-school “castle and moat” security approach isn’t enough. Enter Zero Trust — a security model that flips the script, requiring every…

Read more →

In an era where software vulnerabilities can lead to catastrophic breaches, application security has never been more critical. Yet, for many developers, security remains a complex and often frustrating aspect of the development process.  At Black Hat 2024, I sat…

Read more →

Distributed services have indeed revolutionized the design and deployment of applications in the modern world of cloud-native architecture: flexibility, scalability, and resilience are provided by these autonomous, loosely coupled services. This also means that services add complexity to our systems,…

Read more →

Infrastructure as Code (IaC) became the de facto standard for managing infrastructure resources for many organizations. According to Markets and Markets, a B2B research firm, the IaC market share is poised to reach USD 2.3 Billion by 2027.  What Is Infrastructure as…

Read more →

In this article, we’ll discuss the importance of guarding your SaaS and the SaaS Security best practices you must implement in your Security checklist to ensure the proper functioning of your app. The seemingly unstoppable growth of SaaS platforms in the…

Read more →

In an era of increasingly complex regulatory landscapes, IT professionals face unprecedented challenges in managing data compliance. The evolving nature of regulations across various industries demands a proactive and sophisticated approach to data management. I spoke with Steve Leeper, VP…

Read more →

According to Fortune Business Insights, the global Software as a Service (SaaS) market is projected to grow from USD 317 billion in 2024 to USD 1.2 trillion by 2032, with a compound annual growth rate (CAGR) of 18.4%. This substantial…

Read more →

Nobody cares about security. There. I said it. I said the thing everyone feels, some people think, but very few have the temerity to say out loud. But before you call me a blasphemous heathen, I will ask for just…

Read more →

As artificial intelligence (AI) continues to revolutionize the tech industry, developers, engineers, and architects face a new challenge: managing the technical debt that comes with rapid AI adoption. Jeff Hollan, Head of Apps and Developer Tools at Snowflake, shares invaluable…

Read more →

When working on .NET applications, one main concern is safeguarding your code from unauthorized access, intellectual property theft, and reverse engineering. This can be achieved by implementing data and code protection techniques to protect the application. There are two main…

Read more →

Continuing on our fictitious financial company, Starlight, series of posts, here is how to set up a data lake on AWS with security as the primary thought. Introduction In the fast-moving financial industry, data is a core asset. Starlight Financial…

Read more →

Securing information is crucial as cyber-attacks are getting more sophisticated. Data residing in an unprotected state at rest (databases, stored files, and backups) pose one of the most significant risks. Data at rest encryption is necessary to guarantee that information…

Read more →

Securing distributed systems is a complex challenge due to the diversity and scale of components involved. With multiple services interacting across potentially unsecured networks, the risk of unauthorized access and data breaches increases significantly. This article explores a practical approach…

Read more →

As web technologies continue to advance, so do the methods and protocols designed to secure them. The OAuth 2.0 and OpenID Connect protocols have significantly evolved in response to emerging security threats and the growing complexity of web applications. Traditional…

Read more →

As a Node.js developer and security researcher, I recently stumbled upon an interesting security regression in the Node.js core project related to prototype pollution. This happened to be found while I was conducting an independent security research for my Node.js…

Read more →

As artificial intelligence (AI) continues transforming industries, organizations face increasing challenges in managing and utilizing data for AI initiatives. Recent industry surveys and expert insights highlight the critical role of effective data management in AI success. This article explores key…

Read more →

The Importance of Cybersecurity I firmly believe that in today’s cybersecurity expectations, software engineers should prioritize the security of their computer systems and internal IT networks. I would consider it to be a mistake to rely heavily on technology due…

Read more →