Category: DZone Security Zone

In today’s digital landscape, data has become the lifeblood of organizations, much like oil was in the industrial era. Yet, the genuine hurdle is converting data into meaningful insights that drive business success. With AI and generative AI revolutionizing data…

Read more →

As artificial intelligence and large language models (LLMs) continue to revolutionize the tech landscape, they also introduce new security challenges that developers, engineers, architects, and security professionals must address. At Black Hat 2024, we spoke with Mick Baccio, Global Security…

Read more →

Data Subject Access Rights (DSAR)  In the previous articles (Part 1 and Part 2), we have seen the concept of BigID and how it enhances the data in an organization. In this article, let’s see what is Data Subject Access…

Read more →

Cross-Origin Resource Sharing (CORS) is an essential security mechanism utilized by web browsers, allowing for regulated access to server resources from origins that differ in domain, protocol, or port. In the realm of APIs, especially when utilizing AWS API Gateway, configuring…

Read more →

In a world where IT infrastructure underpins countless businesses and organizations, maintaining operational integrity during critical failures or outages is non-negotiable. A key element in achieving this is ensuring that your incident alert management system remains active and accessible under…

Read more →

Computer systems in the federal government must demonstrate that they are secure. The process is known as accreditation and the goal is to receive an Authority to Operate (ATO). The ATO allows the system to be put into production for…

Read more →

Creating a solid REST API in Java requires more than a basic grasp of HTTP requests and responses. Ensuring that your API is well-designed, maintainable, and secure is essential. This article will offer four critical tips to improve your REST…

Read more →

In cyber resilience, handling and querying data effectively is crucial for detecting threats, responding to incidents, and maintaining strong security. Traditional data management methods often fall short in providing deep insights or handling complex data relationships. By integrating semantic web…

Read more →

The 2024 Black Hat conference in Las Vegas brought together some of the most influential voices in cybersecurity, offering critical insights for security professionals navigating an increasingly complex digital landscape. From the philosophical underpinnings of software development to practical strategies…

Read more →

Product and infrastructure engineering teams are not always aligned with the interests of security engineering teams. While product and infrastructure focus on driving business value and delivering practical solutions, security focuses on detection, prevention, and remediation, which can seem less…

Read more →

Federal agencies manage highly classified sensitive data, including personal information, medical records, and tax and income details of all U.S. residents. In some cases, temporary visitor data are also retained. They also handle national security information, including susceptible documents, intergovernmental…

Read more →

As artificial intelligence and large language models (LLMs) continue to reshape the technological landscape, the importance of API security has never been more critical. In a recent interview at Black Hat 2024, Tyler Shields, Vice President of Product Marketing at…

Read more →

SQLi is one of the code injection techniques that may enable an attacker to modify the queries that the application provides to the database. By far the most frequent and severe web application security threats always hide in web applications that…

Read more →

The software landscape has undergone a profound transformation over the past two decades. In the past, a substantial portion of software was designed for local desktop use. However, today, the norm for computer users is to access web-based software services…

Read more →

In an era where technology and geopolitics intersect more than ever before, the importance of cybersecurity in maintaining democratic processes cannot be overstated. At Black Hat 2024, global leaders and local officials converged to discuss the challenges and strategies for…

Read more →

This article will explore the critical topic of creating effective exceptions in your Java code. Exceptions are crucial in identifying when something goes wrong during code execution. They are instrumental in managing data inconsistency and business validation errors. We will…

Read more →

Before we ponder this question, let’s first understand the major differences between an on-premise and a cloud data security product. An on-premise data security product means the management console is on the enterprise customer’s premises, whereas the security vendor hosts…

Read more →

< section name=”02b8″> Data is the backbone of AI systems, and though the concept of Big Data quenches the data thirst of most AI systems, most of the data is not fit for use readily. To fully understand the problem…

Read more →

Security plays a key role whether you are onboarding customer workloads to the cloud, designing and developing a new product, or upgrading an existing service. Security is critical in every leg of the software development life cycle (SDLC). Application security…

Read more →

Having worked with enterprise customers for a decade, I still see potential gaps in data protection. This article addresses the key content detection technologies needed in a Data Loss Prevention (DLP) product that developers need to focus on while developing…

Read more →

Among the most often used containerizing technologies in the realm of software development are Docker and Podman. Examining their use cases, benefits, and limitations, this article offers a thorough comparison of Docker and Podman. We will also go over useful…

Read more →

With the passing of time, new versions of the dependencies are released into the market. We need to update the respective dependencies versions in the project as these versions have new changes and fixes for the security vulnerabilities. It is…

Read more →

By now we’ve all heard about —  or been affected by — the CrowdStrike fiasco. If you haven’t, here’s a quick recap. An update to the CrowdStrike Falcon platform, pushed on a Friday afternoon, caused computers to crash and be…

Read more →

Docker is the obvious choice for building containers, but there is a catch: writing optimized and secure Dockerfiles and managing a library of them at scale can be a real challenge. In this article, I will explain why you may…

Read more →

One-time passwords are one of the most relied-on forms of multi-factor authentication (MFA). They’re also failing miserably at keeping simple attacks at bay. Any shared secret a user can unknowingly hand over is a target for cybercriminals, even short-lived TOTPs.…

Read more →

We often hear about the importance of developers and the role they play in the success of a business. After all, they are those craftsmen who create the software and apps that make businesses run smoothly.  However, there is one…

Read more →

The birth of AI dates back to the 1950s when Alan Turing asked, “Can machines think?” Since then, 73 years have passed, and technological advancements have led to the development of unfathomably intelligent systems that can recreate everything from images…

Read more →

In this post, we’ll explain all the steps required to connect a Mule application to Salesforce using the Salesforce connector with the OAuth JWT flow. You can also create your own certificate for the OAuth JWT flow with Salesforce or…

Read more →

When we think of the Internet of Things (IoT), our imaginations are often limited to consumer applications: smart homes, smart transportation, smart offices, etc. However, these account for just the tip of the iceberg when it comes to IoT. Just…

Read more →

I recently sat in on a discussion about programming based on user location. Folks that are way smarter than me covered technical limitations, legal concerns, and privacy rights. It was nuanced, to say the least. So, I thought I’d share…

Read more →

AI vulnerabilities: From medical diagnostics to autonomous vehicles, discover how changing a single pixel can compromise advanced deep learning models and explore the critical challenges to securing our AI-powered future. Introduction Deep learning (DL) is a fundamental component of Artificial…

Read more →

Buy Now, Pay Later (BNPL) solutions are altering the way in which clients connect to payment systems by offering financial flexibility and enhancing the checkout experience. This guide offers developers and architects comprehensive knowledge on integrating your checkout process with…

Read more →

The latest release of Angular, which is presently version 18.1.1, offers a wide range of features for developing robust and scalable web applications in Angular. However, safety continues to be of concern. In this article, we will discuss the configurations…

Read more →

DevOps has become the groundwork for delivering top-notch applications quickly and efficiently in today’s agile development. Its efficiency and speed can also cause notable security threats if vulnerabilities are not managed properly. Sixty percent of data breaches succeed because organizations…

Read more →

The Trivial Answer Most engineers know that we must have green builds because a red build indicates some kind of issue. Either a test did not pass, or some kind of tool found a vulnerability, or we managed to push…

Read more →

Data has become a valuable commodity in today’s digital era. It innovatively drives businesses to make informed decisions and personalized experiences for their customers, optimize operational efficiency, and accurately predict market trends. However, data’s immense value comes with an equally…

Read more →

Technology in the digital age has revolutionized our lives. However, this convenience comes with a growing threat: cybercrime. Malicious actors, ranging from petty thieves to sophisticated cybercriminals, operate online, seeking to exploit vulnerabilities and steal sensitive information, financial data, and…

Read more →

Digital transformation initiatives are ongoing processes for software developers in particular, and organizations at large must constantly adapt while enabling seamless workplace-cultural shifts and enhancing relevance to global users. With the increasing sophistication of cyber threats and the growing reliance…

Read more →

When it comes to secure web applications, we must keep sensitive data secure during the communication period. Sadly, while HTTPS encrypts data as it moves from point A to point B, the information is still exposed in a browser’s network…

Read more →

A microservice system could have a high number of components with complex interactions. It is important to reduce this complexity, at least from the standpoint of the clients interacting with the system. A gateway hides the microservices from the external…

Read more →

In today’s dynamic business environment, cloud computing has become a crucial enabler, offering enterprises unmatched scalability, flexibility, and cost-efficiency. Amazon Web Services (AWS), a leading cloud service provider, has transformed how organizations manage their IT infrastructures and applications. With AWS…

Read more →

Today’s fraud prevention processes are far smoother than they used to be. Automated alert systems and authentication measures are now standard, but these relatively simple, rules-based solutions are still imperfect. The growing field of behavioral biometrics offers a more reliable…

Read more →

In a world where innovation and productivity are paramount, the rise of Shadow IT has become an unavoidable reality for many organizations. A recent survey by Next DLP revealed a startling statistic: 73% of security professionals admitted to using unauthorized…

Read more →

AI is revolutionizing how Software-as-a-Service (SaaS) applications work, making them more efficient and automated than ever before. However, this rapid progress has opened up a Pandora’s box of new security threats. From the sly manipulation of data to the gradual…

Read more →

Effective security requires a shared responsibility model. Developers are already overburdened with their primary tasks of writing code and delivering features, and we think it is not realistic to expect them to know everything about security, be responsible for triaging…

Read more →

In the interconnected world of today, APIs (Application Programming Interface) are the invisible bridges that let applications talk to one another. But to those that with great power, there must also come great responsibility! They need to be able to…

Read more →

Imagine this: You are days away from a release, and your Python codebase is versioned, tagged, and marked as a Release Candidate. Hours from the release, out of nowhere appears a BUG! You set up a War Room, dig through…

Read more →

The Hidden Threats in Large Language Models A backdoor attack in the context of large language models (LLMs) refers to a type of malicious activity where an adversary intentionally inserts hidden triggers into the model during its training phase. These…

Read more →

Delivering secure application services free from exposed vulnerabilities — without imposing overbearing authentication controls that frustrate users, or draconian code review requirements that inhibit developer innovation — is a challenge as old as the internet itself.  Organizations naturally prioritize building…

Read more →

Over the last decade, the eBPF open-source project quietly laid the groundwork for major evolutionary gains in Linux subsystems and how they keep pace with the new world of microservices and distributed applications. Today, that foundation has made possible eBPF…

Read more →

Golden Amazon Machine Images (AMIs) are the foundation for launching consistent and efficient instances in your AWS cloud environment. Ensuring their security and immutability is paramount. This guide delves into how Software Bill of Materials (SBOMs), cryptographic signing, and runtime…

Read more →

In an era where digital transformation is rapidly advancing, the importance of cybersecurity cannot be overstated. One of the essential aspects of maintaining robust security is penetration testing, commonly known as pentesting. This guide aims to provide beginners with a…

Read more →

Recently in one of my projects, there was a requirement to create JWT within the MuleSoft application and send that as an OAuth token to the backend for authentication. After doing some research, I got to know several ways to…

Read more →

What Is the regreSSHion Vulnerability (CVE-2024-6387)? regreSSHion is a newly discovered vulnerability in OpenSSH that affects glibc-based Linux systems. regreSSHion (CVE-2024-6387) may allow arbitrary code execution with root privileges on systems with default configurations. Why Is Everyone Worried About the…

Read more →

Zero-day threats are becoming more dangerous than ever. Recently, bad actors have taken over the TikTok accounts of celebrities and brands through a zero-day hack. In late May to early June, reports of high-profile TikTok users losing control over their…

Read more →

Deploying microservices in a Kubernetes cluster is critical in 5G Telecom. However, it also introduces significant security risks. While firewall rules and proxies provide initial security, the default communication mechanisms within Kubernetes, such as unencrypted network traffic and lack of…

Read more →

In 2024, GitGuardian released the State of Secrets Sprawl report. The findings speak for themselves; with over 12.7 million secrets detected in GitHub public repos, it is clear that hard-coded plaintext credentials are a serious problem. Worse yet, it is a…

Read more →

Today’s network infrastructure is rapidly changing with the adoption of hybrid and multi-cloud architectures to leverage the benefits of flexibility, scalability, and redundancy. These advantages come with their own set of challenges, particularly in securing access to resources and users spread…

Read more →

The world of online security may seem complex, but understanding the basics of how SSL certificates work and why HTTPS is essential can empower you to make safer choices online. Just like Jane, you can navigate the digital landscape with…

Read more →

The use of Blockchain technology is growing rapidly. The creation of decentralized applications is rising. The issues that need solving include cross-chain interoperability. It lets dApps easily connect and work with different blockchains. Improvement of the dApps is also needed.…

Read more →

In the fast-changing world of tech, companies must get their apps out quickly but can’t forget to keep them safe. Gone are the days when security checks happened only after making the app. Now, there’s an intelligent way called DevSecOps…

Read more →

Spoofing is a type of cyber-attack used by hackers to gain unauthorized access to a computer or a network, IP spoofing is the most common type of spoofing out of the other spoofing method. With IP Spoofing the attacker can…

Read more →

Whether on the cloud or setting up your AIOps pipeline, automation has simplified the setup, configuration, and installation of your deployment. Infrastructure as Code(IaC) especially plays an important role in setting up the infrastructure. With IaC tools, you will be…

Read more →

In today’s digital landscape, web application security has become a paramount concern for developers and businesses. With the rise of sophisticated cyber-attacks, simply reacting to threats after they occur is no longer sufficient. Instead, predictive threat analysis offers a proactive…

Read more →

First, let’s explore the practical applications and advantages of deploying IPSec over SD-WAN. 1. Branch Office Connectivity Secure branch-to-branch communication: Securely connects branch offices to each other and to the headquarter using IPSec tunnels over SD-WAN, IPSec provides encrypted and…

Read more →

You’ve probably heard a lot about zero-trust security lately, and for good reason. As we move more of our applications and data to the cloud, the traditional castle-and-moat approach to security just doesn’t cut it anymore. This makes me come to the…

Read more →

Generative AI (GenAI) has shown immense potential in transforming various sectors, from healthcare to finance. However, its adoption at scale faces several challenges, including technical, ethical, regulatory, economic, and organizational hurdles. This paper explores these challenges and proposes prompt decomposition…

Read more →

Honeypots are the digital traps used by cybersecurity professionals to lure in attackers. These traps imitate real systems and services, such as web servers or IoT devices, to appear as genuine targets. The goal of a honeypot is to deceive…

Read more →

Zero Trust is a well-known but ‘hard-to-implement’ paradigm in computer network security. As the name suggests, Zero Trust is a set of core system design principles and concepts that seek to eliminate the practice of implicit trust-based security. The core…

Read more →

Email remains one of the most common vectors for cyber attacks, including phishing, malware distribution, and social engineering. Traditional methods of email security have been effective to some extent, but the increasing sophistication of attackers demands more advanced solutions. This…

Read more →

In today’s security landscape, OAuth2 has become a standard for securing APIs, providing a more robust and flexible approach than basic authentication. My journey into this domain began with a critical solution architecture decision: migrating from basic authentication to OAuth2…

Read more →

This article will review the principles behind various OpenID Connect (OIDC) authentication flows, from the simplest to the most modern, highlighting the vulnerabilities present in each. We will explore each of the following OpenID Connect flows in detail: This article…

Read more →

In this second post, we’ll be reviewing more topics that you should take into consideration if you’re planning a VPN migration.  If you missed the first part, you can start from there.  This article has been indexed from DZone Security…

Read more →

You might need to migrate your MuleSoft legacy VPNs to Anypoint VPN. You might be changing your routing, from static to dynamic. Or maybe, you’re moving to Cloudhub 2.0. It doesn’t matter, you need to migrate your VPN.  A VPN…

Read more →

What Is Data Governance? Data governance is a framework that is developed through the collaboration of individuals with various roles and responsibilities. This framework aims to establish processes, policies, procedures, standards, and metrics that help organizations achieve their goals. These…

Read more →

In today’s digital age, URL-shortening services like TinyURL and bit.ly are essential for converting lengthy URLs into short, manageable links. While many blogs focus on how to build such systems, they often overlook the security aspects. Here, we have threat-modeled…

Read more →

The cybersecurity industry was once again placed on high alert following the discovery of an insidious software supply chain compromise. The vulnerability, affecting the XZ Utils data compression library that ships with major Linux distributions, is logged under CVE-2024-3094 and…

Read more →

Software development is becoming complex, and a new approach is being used to create cross-functional hybrid teams.  This means some developers work on-site while others develop parts of software code remotely. While this approach has benefited agility, speed, and scalability,…

Read more →

In the face of an ever-evolving threat landscape, organizations are constantly seeking innovative solutions to bolster their cyber resilience. Index Engines, a leading cyber security company, has taken a significant step forward in this direction with the announcement of an industry-first…

Read more →

Troubleshooting IPsec VPN Site-to-Site connections on a FortiGate firewall can be challenging due to the complex nature of VPN connections. Here’s a structured approach to diagnose and resolve common IPsec VPN problems between two sites: “Headquarter” and “Branch”. Topology This…

Read more →

Kubernetes is a de facto platform for managing containerized applications. It provides a rich ecosystem for deployment, scaling, and operations with first-class support (tons of ready configs and documentation) on the Google Cloud platform. Given the growing importance of data…

Read more →

“Cloud resources” is a term that refers to various components and services available in cloud computing environments. On-demand scaling and flexible IT infrastructure are provided by cloud resources. To deploy and scale applications, and store and manage data, organizations leverage…

Read more →

This headline came across my email the other day, and it really got me thinking:  “Number of vulnerable IoT devices increases 136%” This article has been indexed from DZone Security Zone Read the original article: IoT Needs To Get Serious…

Read more →

Secure Access Service Edge (SASE) enhances security by converging network and security services into a single, cloud-native architecture. The model is designed to meet the challenges of modern IT environments, with a rising tendency to use the cloud, mobile workforce,…

Read more →

Snowflake, a leading cloud data warehousing provider, has been impacted by a major data breach recently. This incident, which surfaced in June 2024, has sent ripples through the tech community, affecting prominent clients like Advance Auto Parts, Santander Bank, and…

Read more →

Traditional cybersecurity measures may not be enough to protect organizations from new and emerging threats in today’s fast-paced digital world. Security systems need to be advanced along with technology and also should be flexible and adaptable. Composable security is an…

Read more →

The rapid advancement of large language models (LLMs) has ignited both excitement and apprehension. While their potential for good is immense, so too is the possibility of misuse and unintended consequences. Understanding the specific dangers these powerful AI systems pose…

Read more →

Can you monitor your internal SSL certificates? This was a question we frequently heard from our clients. Many organizations keep their services (web, database, etc.) inaccessible on the public internet, for security, compliance, cost, and other reasons. At TrackSSL, we…

Read more →

For developers, engineers, and architects, turning raw data into actionable insights has long been a complex and time-consuming challenge. But Sigma Computing is on a mission to change that with its innovative cloud-native data analytics platform built on Snowflake. “Snowflake…

Read more →

As they evolve, quantum computers will be able to break widely used cryptographic protocols, such as RSA and ECC, which rely on the difficulty of factoring large numbers and calculating discrete logarithms. Post-quantum cryptography (PQC) aims to develop cryptographic algorithms…

Read more →

Azure Entra Id, formerly Azure Active Directory is a comprehensive Identity and Access Management offering from Microsoft. While it encompasses many functionalities, the article will focus on Managed Identities. Why Managed Identities? Initially, Azure resources were accessed using connecting strings–keys…

Read more →

Security Operations Centers (SOCs) play a crucial role in detecting, responding to, and mitigating security threats in an increasingly complex threat landscape. One fundamental aspect of SOC efficiency is the tuning of alerts to ensure accurate and timely threat detection…

Read more →

Network onboarding — the process through which new devices gain access to an organization’s network— is a cornerstone of IT operations, affecting everything from security to user satisfaction. Traditionally, this process has been fraught with challenges, particularly at scale. In environments…

Read more →

As a seasoned security architect, I have witnessed the transformative impact of AI and ML on the software development landscape, particularly in the context of API security. The advent of GenAI, with its ability to rapidly generate code and entire…

Read more →

Diligent software developers must follow secure development practices, industry standards, and regulatory requirements when handling software vulnerabilities. Handling vulnerabilities is a complex, multi-step process that involves various methods and stages. One effective approach to finding vulnerabilities is through Bug Bounty…

Read more →

Every day, the use of smartphones increases, together with the advancement of the operating system of Android. Subsequently, there have been reports of malicious individuals and hackers capitalizing on the exploits that Android has to offer to gain access to…

Read more →

Today we use AI to offer simpler solutions to intricate problems in various sectors such as education, transportation, finance, and healthcare. Due to this reason, it is very important to adhere to best practices and standards. Adhering to AI principles…

Read more →

Vue.js is a popular JavaScript framework, and as such, it is crucial to ensure that its components work as they are supposed to: effectively, and more importantly, reliably. Mocking dependencies is one of the most efficient methods of testing, as…

Read more →

Dependency Injection is one of the foundational techniques in Java backend development, helping build resilient and scalable applications tailored to modern software demands. DI is used to simplify dependency management by externalizing dependencies from the class itself, streamlining code maintenance,…

Read more →

The Challenge JWT tokens are widely used for securing APIs through authentication and authorization. When an API request arrives, the resource server decodes and verifies the JWT token, typically validating the signature for authentication and checking claims or scopes for…

Read more →