Category: DZone Security Zone

If you know anything about St. Louis, it is likely the home of the Gateway Arch, the Cardinals, and St. Louis-style BBQ. But it is also home to a DevOps event that featured some fresh perspectives on scaling, migrating legacy…

Read more →

This is a question that I hear on a fairly regular basis, not just internally but from external customers as well. So it’s one that I would like to help you walk through so that you can really figure out…

Read more →

What Is Cross-Site Scripting? Cross-Site Scripting (XSS) is a code-injection vulnerability that occurs in applications that process HTML when developers do not sanitize user input well enough before inserting it into an HTML template. It allows an attacker to insert…

Read more →

Kubernetes is an open-source container orchestration platform that has revolutionized the way applications are deployed and managed. With Kubernetes, developers can easily deploy and manage containerized applications at scale and in a consistent and predictable manner. However, managing Kubernetes environments…

Read more →

In today’s data-driven market, data translates to more power and opportunity for businesses. But as it is said, “With great power comes greater responsibility.” As more personal information is being collected and analyzed by organizations, the need to protect an…

Read more →

As more organizations expand their cloud strategy into a mix of private cloud, public cloud, on-prem data centers, and edge sites, thus embracing multi-cloud as part of their digital transformation initiatives, new security challenges emerge and must be considered at every stage…

Read more →

What Is Istio Ambient Service Mesh? Istio, an open-source and widely used service mesh, is used to manage network and security for cloud-native applications. In September 2022, Istio project released ambient mesh — a modified and sidecar-less data plane for…

Read more →

Lift-and-shift strategies are a thing of the past. Instead, forward-thinking organizations are adopting cloud-native platforms, which offer pre-constructed building blocks to increase velocity and flexibility in the architectures you design. As a result, developers gain an important benefit: The ability…

Read more →

In today’s hyperconnected digital landscape, secure internal networks have become a cornerstone of corporate infrastructure. This crucial aspect of operations is often bolstered by robust VPN technologies, such as OpenVPN.  As a leading solution in the realm of VPN, OpenVPN’s…

Read more →

Many enterprises that implement Kubernetes don’t realize how insecure it can truly be out of the box—and even when they do, they’re not sure what to do about it. And since Kubernetes is an extremely complex and flexible tool that…

Read more →

Kubernetes has become the de facto standard for container orchestration, enabling organizations to build, deploy, and scale modern applications with efficiency and agility. As more organizations adopt Kubernetes, the need for proper security and management of sensitive data within these…

Read more →

From Kubernetes to Argo to Docker to Terraform, the most influential cloud-native innovations are open source. The high velocity and mass adoption of projects like Kubernetes show that in order to keep pace with innovation, the cloud-native community must come…

Read more →

Without the existence of Internet Protocol (IP) addresses to organize and route server-to-server communication across the globe, it’s hard to imagine how the digital world would stay on its axis. Much in the same way our physical home and work…

Read more →

This week I’ve been reading through the recent judgment from the Swedish FSA on the Swedbank outage. If you’re unfamiliar with this story, Swedbank had a major outage in April 2022 that was caused by an unapproved change to their…

Read more →

Most organizations prefer to deploy containerized applications into K8s because of its scalability and flexibility. But as the number of microservices increased and application pods are distributed across multiple clusters and cloud providers, managing and scaling them has become complex.…

Read more →

Organizations have grappled with the cloud tagging challenge practically since the rise of cloud computing. Tags are the only mechanism that allows you to understand the cost of your cloud environment. But that’s not all. Cloud tagging also plays a key…

Read more →

Secure code reviews are crucial for building applications that protect users, developers, and data. The first step in conducting one is understanding the specific goals and a few essential tips for success.  What Is a Secure Code Review? A secure…

Read more →

Crafting a reliable IIoT design is all about building on foundational architecture layers and customizing them for specific network needs. How an IIoT network is organized influences performance, optimization, and security. You can ensure you get the most out of…

Read more →

Setting objectives and key results (OKRs) is a powerful way to align an organization’s efforts toward a common goal. However, as the amount of data and complexity of objectives increase, it can become challenging to set effective and achievable goals.…

Read more →

Read more →

As a web developer, do you really know what content types are? Sure, something like text/html should ring a bell, but are you also aware that getting them wrong can lead to security vulnerabilities in your application?  In this article,…

Read more →

Insider threats are a multi-million-dollar problem for many organizations, impacting organizations of all sizes and sectors. Although the methods of attack can vary, the primary types of incidents—theft of intellectual property (IP), sabotage, fraud, espionage, unintentional incidents, and misuse—continue to…

Read more →

GDPR, or the General Data Protection Regulations, is a set of rules that dictate how organizations store and use personal data. Since being introduced in 2018, GDPR has become the center of attention in data protection. Primarily due to how…

Read more →

When you publish your website, you are always a bit concerned about its security of it. From a security point of view, an SSL certificate plays a major role to authenticate the identity of the website. SSL stands for Secure…

Read more →

When you think of Milwaukee, you might think of squeaky cheese curds, polka music, and the Bronze Fonz. But now, I will always associate this city on the lake with cybersecurity, thanks to Cyphercon 6, which was held on March…

Read more →

The 21st century has given rise to a wealth of advancements in computer technology. Among these are virtual tools and programs that have applications in almost every industry imaginable. One area that virtualization technology is making a huge impact is the…

Read more →

A supply chain is a complex logistics system that converts raw materials into finished products distributed to end-consumers. The research company IoT Analytics found eight key technologies transforming the future of global supply chains. This article explores how data streaming…

Read more →

Why Do You Need Istio Ambient Mesh? It is given that Istio is a bit resource intensive due to sidecar proxy. Although there are a lot of compelling security features that can be used, the whole Istio (the sidecar) has…

Read more →

A system is a collection of interconnected components that work together to perform a defined function or set of functions. The components can be hardware, software, firmware, or a combination.  In software, a system can refer to a collection of…

Read more →

For a better grasp of the subject under discussion, it would be preferable if you could first read Chris Koch’s article: I Used GPT-3 to Find 213 Security Vulnerabilities in a Single Codebase. I had already written a lengthy comment…

Read more →

The cloud platforms provide customers with technology and tools to protect their assets, including the most important one — data. At the time of writing, there’s a lot of debate about who’s responsible for protecting data, but generally, the company…

Read more →

In the digital age, information is the most valuable currency. As the world becomes more connected, our computers and other devices hold an immense amount of personal, financial, and sensitive data. However, with great value comes great risk. The dark…

Read more →

This is a detailed guide on mTLS and how to implement it with Istio service mesh. We will be covering the following topics here: Understanding mTLS protocol wrt TCP/IP suite SSL vs TLS vs mTLS Why is mTLS important? Use-cases…

Read more →

Secure management of AWS secrets is essential for protecting sensitive data and preventing unauthorized access to critical systems and applications. In today’s rapidly escalating threat landscape, organizations must ensure their secrets are appropriately managed and safeguarded. The AWS SDK, also…

Read more →

Direct image upload processes create a highly efficient path between client-side users and a website’s underlying file storage instances, significantly benefiting both ends of the client/web service relationship. Due largely to the ever-increasing availability (and affordability) of cloud storage resources…

Read more →

As enterprises move towards the cloud and mobility becomes the norm, networking and security solutions must evolve accordingly. Secure Access Service Edge (SASE) enters the picture here. SASE is an up-and-coming technology category that aims to offer specific network security…

Read more →

The post-COVID world has seen more organizations adopt remote and hybrid work, allowing employees the flexibility to work from anywhere (WFA). While the move to a remote-hybrid work model for business operations comes with several benefits — like reduced cost…

Read more →

During recent security research, I came up with a fun “trick” that I later shared in a Capture the Flag challenge for the Hack.lu CTF and my Code Security Advent Calendar. I received good feedback and wanted to share the…

Read more →

As an increasing number of organizations transition to cloud-based infrastructures, data integration has emerged as a crucial component of the cloud migration process. Data integration encompasses integrating data from disparate sources into a consolidated perspective. The context of cloud migration…

Read more →

In the digital age, information is the most valuable currency. As the world becomes more connected, our computers and other devices hold an immense amount of personal, financial, and sensitive data. However, with great value comes great risk. The dark…

Read more →

Welcome to the world of server rooms — the beating heart of every digital enterprise. Whether you’re an entrepreneur or a seasoned IT professional, you know that the security of your server room is of utmost importance. Without adequate physical…

Read more →

Recommender systems have become an integral part of our daily lives, powering the personalized recommendations that we receive on social media, e-commerce platforms, and streaming services. These systems are designed to make our lives easier by suggesting products, services, and…

Read more →

Cybersecurity threats are front of mind for many organizations, and with good reason. Cybercrime is rising and is expected to reach a staggering $10.5 trillion annually by 2025. API exploits are an all-too-common approach and will be the most targeted…

Read more →

If you work in IT, then you definitely know why using such tools as Jira is more than a must. Let’s look at the numbers that Atlassian gives us… over 65K companies worldwide rely on Jira Software. Unfortunately, though, have…

Read more →

We often access a website on our browser, which works fine. But when you try to access the same while automating it using Selenium WebDriver, the website is not loaded, and the browser shows a security error like “The connection…

Read more →

ChatGPT is a relatively new technology that is set to revolutionize how software developers interact with AI. With its ability to generate code autonomously from text, ChatGPT could drastically reduce development time and complexity while allowing developers an unprecedented level…

Read more →

Mobile app testing is imperative to the app development cycle, so it’s equally essential to have well-defined strategies for it. The strategy can prove crucial to ensure the app’s quality, security, and reliability. Well-planned strategies also help testers keep unnecessary…

Read more →

In today’s world, where everything is connected to the internet, software security has become an essential aspect of software development. Software security is the process of designing, implementing, and testing software to ensure that it is secure from unauthorized access,…

Read more →

WebLogic Server is a Java-based application server, and it provides a platform for deploying and managing distributed applications and services. It is a part of the Oracle Fusion Middleware family of products and is designed to support large-scale, mission-critical applications.…

Read more →

Have you ever wondered if people can take advantage of vulnerabilities present in your code and exploit it in different ways, like selling or sharing exploits, creating malware that can destroy your functionality, launching targeted attacks, or even engaging in…

Read more →

In software, a bug is an error in the program code that often originates from human error. The most common types of bugs include functional, Performance, logic, syntax, and Syntax bugs.  A bug means a software or application failure, not working as expected results,…

Read more →

Vulnerability management is a proactive approach to identifying, managing, and mitigating network vulnerabilities to improve the security of an enterprise’s applications, software, and devices. It includes identifying vulnerabilities in IT assets, assessing risks, and taking appropriate action on systems and networks. Organizations…

Read more →

FileNet is an enterprise content management system designed to help organizations manage and store large amounts of content, including documents, images, and multimedia files. AWS is a cloud computing platform providing a wide range of infrastructure services, including computing, storage,…

Read more →

Smart contract development, more so than most web2 development, requires thorough testing and careful deployment. Because smart contracts are immutable and often involve large sums of money, it’s very important to do all you can to be sure they are…

Read more →

As the digital age progresses, the need for efficient and secure data governance practices becomes more crucial than ever. This article delves into the concept of User Data Governance and its implementation using serverless streaming. We will explore the benefits…

Read more →

Microservices architecture has become increasingly popular in recent years due to its ability to enable flexibility, scalability, and rapid deployment of applications. However, designing and implementing microservices can be complex, and it requires careful planning and architecture to ensure the…

Read more →

REST APIs are the heart of any modern software application. Securing access to REST APIs is critical for preventing unauthorized actions and protecting sensitive data. Additionally, companies must comply with regulations and standards to operate successfully. This article describes how…

Read more →

In today’s world, cyberattacks have become a major threat to individuals and organizations alike. From phishing scams to ransomware attacks, cybercriminals are constantly finding new ways to exploit vulnerabilities in digital systems. This is why cybersecurity has become more important…

Read more →

Cybersecurity is vital to maintaining a network and developing secure software, and penetration testing is one of the top ways to ensure your cybersecurity measures are up to par. Using this form of testing, you will understand where potential weaknesses lie…

Read more →

SmartStoreNET is the leading open-source e-commerce platform for .NET, which makes it suitable for companies running Windows Server. Next to the operation of an online business, it offers advanced features, such as CRM tools, a blog, and a forum. As…

Read more →

Azure Data Box is a product offered by Microsoft Azure that helps organizations transfer large amounts of data securely and efficiently to and from Azure. It is similar to AWS Snowball Edge or/ Google Transfer Appliance. The purpose of the Azure…

Read more →

A popular and practical use case for web3 is generating tickets to live events. Blockchains such as Ethereum can guarantee the ownership, originator, and authenticity of a digital item, effectively solving the problem of counterfeit tickets. While major players such…

Read more →

As more applications are deployed in Kubernetes clusters, ensuring that traffic flows securely and efficiently between them becomes increasingly important. Kubernetes Network Policies are a powerful tool for controlling traffic flow at the IP address or port level, but implementing…

Read more →

Security was mostly perimeter-based while building monolithic applications. It means securing the network perimeter and access control using firewalls. With the advent of microservices architecture, static and network-based perimeters are no longer effective. Nowadays, applications are deployed and managed by…

Read more →

Jenkins is a popular open-source automation server that is widely used for building, testing, and deploying software. It allows developers to automate many aspects of their software development process, including continuous integration and continuous deployment. As with any continuous integration…

Read more →

Data encryption is one of the most prevalent digital safety measures since it safeguards information and reduces the impact of cyber threats. Modern organizations incorporate encryption in various daily activities, such as communication and payments. That said, it is essential…

Read more →

If you’re a developer working on a web3 app, you know that onboarding mainstream users into web3 is difficult. Even with the promise of truly owning your data, making near-free worldwide payments, and using a censorship-free system, the current process…

Read more →

Cloud Implementation has become a key component of modern IT systems, enabling organizations to scale their operations and reduce costs. However, managing cloud infrastructure seamlessly and driving a cloud deployment securely is not easy. It requires a deep understanding of…

Read more →

As developers, we are always on the lookout for tools and technologies that can improve our products and services. In this article, we will discuss the key differences between Tornado and FastAPI, two popular web frameworks for Python. Additionally, we…

Read more →

DevSecOps, in layman’s language, is a combined form of software development, security, and software operations. According to Gartner’s research, “It is estimated that at least 95% of cloud security failures through 2022 will be the fault of the enterprise”. Therefore,…

Read more →

As an experienced full-stack developer with 30 years of experience, I’ve witnessed a lot of changes in tech, from the advent of the internet to the excitement of Java to the rise of cloud computing.  Recently, I decided to embark…

Read more →

The most popular container orchestration software alternatives available today are OpenShift and Kubernetes.  In this article, we are going to be comparing OpenShift and Kubernetes, and let me tell you, the comparison is far from fair. Indeed, comparing OpenShift and Kubernetes…

Read more →

Data fabric architecture is a modern approach to data management that provides a unified, scalable, and agile framework for organizations to manage and leverage data across diverse environments. It is designed to address the challenges posed by the growing volume,…

Read more →

Web3, blockchain technology, and cryptocurrency are all fascinating topics. The technology, applications, ecosystem, and the impact on society are all moving at incredible speeds. In this article, we will talk about learning web3 development from the point of view of…

Read more →

Cybersecurity for embedded devices, such as the Internet of Things (IoT) and other connected devices, is becoming increasingly important as these devices become more ubiquitous in our daily lives. The risks of the rising tide of security threats are significant.…

Read more →

Application Programming Interfaces (APIs) are the backbone of modern software development and are now vital strategic assets for large enterprises. However, with increasing API proliferation and subsequent sprawl, APIs can also pose significant security risks for enterprises. Shadow or zombie…

Read more →

“Set it and forget it” is the approach that most network teams follow with their authoritative Domain Name System (DNS). If the system is working and end-users find network connections to revenue-generating applications, services, and content, then administrators will generally…

Read more →

Authentication is the process of identifying a user and verifying that they have access to a system or server. It is a security measure that protects the system from unauthorized access and guarantees that only valid users are using the…

Read more →

Health Insurance Portability and Accountability Act (HIPAA) regulations must be followed by any software used in the healthcare industry that manages electronic patient health information (ePHI). Federal law outlines requirements to guarantee that private patient health information is not disclosed…

Read more →

Secrets leakage is a growing problem affecting companies of all sizes, including GitHub. They recently made an announcement on their blog regarding an SSH private key exposure: [Last week, GitHub] discovered that GitHub.com’s RSA SSH private key was briefly exposed…

Read more →

There are many new L2s emerging in the web3 ecosystem with the goal of improving Ethereum’s scalability. These L2s use a variety of solutions to create layers on top of Ethereum that are faster, cheaper, and yet still benefit from…

Read more →

AWS Cloud Development Kit (AWS CDK) is a powerful tool that allows developers to define cloud infrastructure in code using familiar programming languages like TypeScript, Python, and Java. However, as with any infrastructure-as-code tool, it’s important to ensure that the…

Read more →

In recent times, cybersecurity has become an increasingly important issue. Last summer, a global study found that 82% of CIOs felt that their organizations were vulnerable to cyberattacks. This is because the number of cyber-attacks and identity thefts has increased worldwide.…

Read more →

In today’s business environment, company reorganizations are common. Reorganization can be difficult for managers, especially new ones, whether due to mergers and acquisitions, changes in business strategy, or economic factors. In today’s fast-paced business world, reorganizations are becoming more common…

Read more →

When you think of Baltimore, Maryland, you might immediately think of The Ravens, Edgar Allan Poe, or Old Bay Seasoning. Moving forward, I will always associate “BMore” (as the locals call it) with improved security across the public and private…

Read more →

If you’re developing applications for a business, then one of your most important tasks is collecting payment for goods or services. Sure, providing those goods or services is essential to keeping customers happy. But if you don’t collect payments, your…

Read more →

API governance refers to the set of policies, procedures, and practices that organizations adopt to ensure the effective management and control of their Application Programming Interfaces (APIs). A well-designed API governance framework helps organizations to establish guidelines and best practices…

Read more →

In the previous article, we discussed the emergence of Date Lakehouses as the next-generation data management solution designed to address the limitations of traditional data warehouses and Data Lakes. Data Lakehouses combines the strengths of both approaches, providing a unified…

Read more →

Containerization has resulted in many businesses and organizations developing and deploying applications differently. A recent report by Gartner indicated that by 2022, more than 75% of global organizations would be running containerized applications in production, up from less than 30%…

Read more →

We have previously written posts on how to manage uncodified legacy apps on different platforms like AWS. In this post, we’d like to look at the very popular Okta platform, which provides some of the largest companies in the world…

Read more →

FileNet is a document management system developed by IBM that allows organizations to manage and store their digital content. Document Security is an essential aspect of any document management system, including FileNet.  Important Considerations for FileNet Security 1. Authentication: FileNet provides…

Read more →

In today’s digital age, organizations rely on a variety of applications and systems to carry out their business operations. However, managing user identities and access across multiple systems can be a complex and time-consuming process. This is where identity federation…

Read more →

GoCD is a popular Java CI/CD solution with a large range of users, from NGOs to Fortune 500 companies, with billions of dollars in revenue. Naturally, this makes it a critical piece of infrastructure and an extremely attractive target for…

Read more →

Identity and Access Management (IAM) is one of the critical components of any commercial software. As the name suggests, IAM solutions cover the identity of the users, their roles, privileges, authentication, and authorization. Long story short, IAM is based on…

Read more →

When you first start developing on Ethereum, you quickly discover how critical it is to test your dapps — even more so than in traditional development. But almost as quickly as learning you need to test is learning that it’s…

Read more →

TestOps is an emerging approach to software testing that combines the principles of DevOps with testing practices. TestOps aims to improve the efficiency and effectiveness of testing by incorporating it earlier in the software development lifecycle and automating as much…

Read more →

As companies rely increasingly on multiple applications residing in different regions and networks, security has become a critical concern. The process of accessing these applications can be complex and challenging, particularly when they are running in different data centers and…

Read more →

Dependency Poker is an Agile game — similar to planning poker — that enables teams to identify and manage dependencies in the development process. It can be utilized in Backlog Refinement or SAFe’s PI Planning to enhance collaboration and reduce project risks.  The…

Read more →

In this article, I will discuss the process of zipping a file using Mule 4 with AES 2565 encryption. Here is the background in some cases after generating the output file in the Unix server.the file needs to move to…

Read more →

In the aftermath of the pandemic, there have been immense changes in the ways employees interact with IT tools and teams. Not coincidentally, there’s also been a rise in the use of low/no-code development tools. Given the prevalence of hybrid…

Read more →