Category: DZone Security Zone

Remote working arrangements are popular perks for developers. Many appreciate that they can do their jobs without daily commutes. Hiring managers and other decision-makers also like how remote work removes the geographical limitations of physical offices, making it possible to…

Read more →

In today’s digital landscape, securing sensitive data has become more critical than ever. With cyber threats on the rise, organizations need robust solutions to protect their valuable information. This is where Key Management Systems (KMS) and Hardware Security Modules (HSM)…

Read more →

In the dynamic landscape of digital transformation, where Application Programming Interfaces (APIs) serve as the backbone of connectivity and innovation, maintaining control and compliance becomes paramount. API governance, the set of policies, processes, and procedures for managing APIs, plays a…

Read more →

In the ever-evolving landscape of software development, where speed and security often seem to be at odds, DevSecOps emerges as a pivotal strategy. It’s a methodology that integrates security practices within the DevOps process. As a Chief Architect with extensive…

Read more →

In a digitally-driven world where organizations are entrusted with increasing volumes of sensitive data, establishing trust and credibility is non-negotiable. Regular auditing and accountability play pivotal roles in achieving these goals. An audit is like a comprehensive health check that…

Read more →

If you’re building an application that needs to go toward production, you’ll undoubtedly need to serve it up securely with SSL. What that entails varies from provider to provider, and you’ll encounter differing levels of complexity (and cost) in getting…

Read more →

Blockchain technology is a novel solution to privacy concerns and risks associated with the storage and maintenance of biometric data. Blockchain is a form of distributed ledger technology that shares infrastructure across several cybersecurity applications. It underlies cryptocurrencies such as…

Read more →

In February 2024, a slew of notable entities fell victim to cybercrime, ranging from UnitedHealth and the personal accounts of Axie Infinity’s co-founder to Hewlett Packard Enterprise, AnyDesk, and various French healthcare payment service providers like Viamedis and Almerys. Even…

Read more →

To navigate the digital landscape safely, organizations must prioritize building robust cloud infrastructures, and sanctuaries for their valuable data. The foundation of a secure cloud architecture requires steadfast principles and guiding decisions like invisible forces that form a resilient structure.…

Read more →

In the realm of software development, Application Programming Interfaces (APIs) are akin to a magic glue that binds different systems together, allowing them to communicate and work in harmony. An API acts as the user interface for API consumers and…

Read more →

As enterprises strive to produce results rapidly in a dependable and sustainable manner, the significance of the underlying data becomes paramount. A major challenge in managing this data is the diverse set of capabilities required within a data architecture. It’s…

Read more →

Good Old History: Sessions Back in the old days, we used to secure web applications with sessions. The concept was straightforward: upon user authentication, the application would issue a session identifier, which the user would subsequently present in each subsequent…

Read more →

Cyber threats are growing more sophisticated, frequent, and damaging, with the average cost of a data breach now reaching $4.24 million, according to IBM’s 2021 report. Clearly, organizations need more robust cybersecurity protections in place, which is leading many to…

Read more →

As we advance into 2024, the landscape of DevOps is undergoing a transformative shift. Emerging technologies, evolving methodologies, and changing business needs are redefining what it means to implement DevOps practices effectively. This article explores DevOps’s key trends and adaptations…

Read more →

While working on a user model, I found myself navigating through best practices and diverse strategies for managing a token service, transitioning from straightforward functions to a fully-fledged, independent service equipped with handy methods. I delved into the nuances of…

Read more →

With technology and data growing at an unprecedented pace, cloud computing has become a no-brainer answer for enterprises worldwide to foster growth and innovation. As we swiftly move towards the second quarter of 2024, predictions by cloud security reports highlight…

Read more →

Generative Artificial Intelligence (AI) has emerged as a transformative technology with vast potential for innovation across various sectors. However, the widespread adoption of generative AI raises significant concerns regarding privacy, fairness, and accountability, particularly in data sharing.  This article explores…

Read more →

The continuous integration/continuous delivery (CI/CD) pipeline represents the steps new software goes through before release. However, it can contain numerous vulnerabilities for hackers to exploit. 1. Vulnerabilities in the Code Many software releases get completed on such tight time frames…

Read more →

In the digital age, where data breaches and cyber threats loom large, ensuring the security of your digital assets is paramount. Businesses are in dire need of robust tools that not only detect threats in real time but also provide…

Read more →

As a developer, engineer, or architect, managing and securing growing volumes of data across multiple environments can be a complex and time-consuming task. Cohesity, a leading data management company, recently presented at the 54th IT Press Tour, highlighting how their…

Read more →

In the interconnected realm of modern software architecture, Application Programming Interfaces (APIs) are the fundamental building blocks that allow disparate systems, applications, and services to communicate with each other. They facilitate the exchange of data and functionality, enabling a seamless…

Read more →

In the rapidly evolving landscape of Kubernetes, security remains at the forefront of concerns for developers and architects alike. Kubernetes 1.25 brings significant changes, especially in how we approach pod security, an area critical to the secure deployment of applications.…

Read more →

Why Do Organizations Need Secure Development Environments? The need to secure corporate IT environments is common to all functions of organizations, and software application development is one of them. At its core, the need for securing IT environments in organizations…

Read more →

Cyberattacks are a common and permanent threat. This paper is the first in a series about cybersecurity. The aim is to provide software engineers with an understanding of the main threats and how to address them. Most exploits are based…

Read more →

Hype is a funny thing. Sometimes you find yourself in a Godfather Part 2 situation where the hype is totally justified. You hear about it. You try it. Life is changed. Hooray! Other times, you find yourself in more of…

Read more →

Vishing, a fusion of “voice” and “phishing,” represents a sophisticated social engineering tactic that leverages telephonic communication to extract sensitive personal or administrative information. Though not a novel concept, historical instances underscore the enduring efficacy of vishing in breaching security…

Read more →

Connecting AWS Lambda to an AWS RDS instance allows you to build serverless applications that can interact with relational databases, thereby enabling you to manage database operations without provisioning or managing servers. This comprehensive guide walks you through the process…

Read more →

Solix, a leading provider of data management and integration solutions, recently presented to the 54th IT Press Tour, sharing insights into how their solutions can help developers, engineers, and architects organize enterprise data and optimize infrastructure. With a mission “to…

Read more →

The modern data stack represents the evolution of data management, shifting from traditional, monolithic systems to agile, cloud-based architectures. It’s designed to handle large amounts of data, providing scalability, flexibility, and real-time processing capabilities. This stack is modular, allowing organizations…

Read more →

Overview This documentation provides a comprehensive guide to setting up a Virtual Private Network (VPN) server using Pritunl, a popular open-source VPN server management platform. By following these steps, users can establish a secure and private network infrastructure suitable for…

Read more →

Artificial intelligence (AI) offers transformative potential across industries, yet its vulnerability to adversarial attacks poses significant risks. Adversarial attacks, in which meticulously crafted inputs deceive AI models, can undermine system reliability, safety, and security. This article explores key strategies for…

Read more →

What Is Incident Management? Incident management is the process of identifying, responding, resolving, and learning from incidents that disrupt the normal operation of a service or system. An incident can be anything from a server outage, a security breach, a…

Read more →

According to a report by MarketsandMarkets, the global AI in cybersecurity market is projected to skyrocket from $8.8 billion in 2020 to an estimated $38.2 billion by 2026, marking a staggering 23.3% compound annual growth rate during the forecast period.…

Read more →

This article provides a brief overview of techniques that can be used in your mobile iOS application to keep it secure enough for the vast majority of cases. If you are a junior or middle iOS developer and have not…

Read more →

Cloud computing has revolutionized software organizations’ operations, offering unprecedented scalability, flexibility, and cost-efficiency in managing digital resources. This transformative technology enables businesses to rapidly deploy and scale services, adapt to changing market demands, and reduce operational costs. However, the transition…

Read more →

Creating an OAuth 2.0 Authorization Server from scratch involves understanding the OAuth 2.0 framework and implementing its various components, such as the authorization endpoint, token endpoint, and client registration. In this detailed guide, we’ll walk through building a simple OAuth…

Read more →

When superior performance comes at a higher price tag, innovation makes it accessible. This is quite evident from the way AWS has been evolving its services:  gp3, the successor of gp2 volumes: Offers the same durability, supported volume size, max IOPS…

Read more →

Last week, we listed 16 practices to help secure one’s APIs and described how to implement them with Apache APISIX. Authentication: Verifies the identity of users accessing APIs. Authorization: Determines permissions of authenticated users. Data Redaction: Obscures sensitive data for…

Read more →

Generative AI (GenAI) represents a significant leap in artificial intelligence, enabling the creation of novel and realistic data, from text and audio to images and code. While this innovation holds immense potential, it also raises critical concerns regarding data security…

Read more →

Editor’s Note: The following is an article written for and published in DZone’s 2024 Trend Report, The Modern DevOps Lifecycle: Shifting CI/CD and Application Architectures. Software supply chains (SSCs) have become a prevalent topic in the software development world, and for…

Read more →

Developers need feedback on their work so that they know whether their code is helping the business. They should have “multiple feedback loops to ensure that high-quality software gets delivered to users”[1]. Development teams also need to review their feedback…

Read more →

There are several steps involved in implementing a data pipeline that integrates Apache Kafka with AWS RDS and uses AWS Lambda and API Gateway to feed data into a web application. Here is a high-level overview of how to architect this…

Read more →

Digital security has become a significant worry for organizations of different sizes in today’s fast-paced world. With the rate at which digital threats continue to develop, enhancing security measures is very important to protect vulnerable data and infrastructure. This defense…

Read more →

As Managed Service Providers (MSPs) continue to play a crucial role in managing IT services for businesses, understanding the landscape of cybersecurity threats becomes paramount. The year 2024 is no exception, with cybercriminals employing more sophisticated methods to breach defenses.…

Read more →

Critical Infrastructure Protection is the need to safeguard a nation/region’s important infrastructures, such as food, agriculture, or transportation. Critical infrastructures include transportation systems, power grids, and communication systems. Critical infrastructure protection is important to communities because any damage to these…

Read more →

In fintech application mobile apps or the web, deploying new features in areas like loan applications requires careful validation. Traditional testing with real user data, especially personally identifiable information (PII), presents significant challenges. Synthetic transactions offer a solution, enabling the…

Read more →

Have you authorized an application to access Salesforce without giving your credentials to that application? Then, you must have used a Salesforce OAuth authorization flow. OAuth is a standard for authorization. Salesforce uses several OAuth flows, and all these flows…

Read more →

In today’s digital age, the proliferation of Deepfake technology and voice phishing (vishing) tactics presents a significant challenge to the authenticity and security of digital communications. Deepfakes manipulate audio and video to create convincing counterfeit content, while vishing exploits voice…

Read more →

Concerns about internet privacy and security are more common than ever in the quickly changing digital environment. As individuals and organizations participate in a variety of online activities, the necessity to protect sensitive information has resulted in the widespread use…

Read more →

SQL injection remains one of the most pernicious forms of security vulnerabilities facing databases today. This attack method exploits security weaknesses in an application’s software by injecting malicious SQL statements into an execution field. For databases hosted on Amazon RDS…

Read more →

In the rapidly evolving world of cloud-native technologies, Kubernetes has emerged as the de facto orchestration tool, enabling businesses to deploy, manage, and scale containerized applications with unparalleled efficiency. However, as the complexity of deployments grows, ensuring compliance and governance…

Read more →

Statelessness in RESTful applications poses challenges and opportunities, influencing how we manage fundamental security aspects such as authentication and authorization. This blog aims to delve into this topic, explore its impact, and offer insights into the best practices for handling…

Read more →

Welcome to the final step in creating your Collectibles portal! (for part 1, see here). In this part, we’ll focus on building the front end — the last piece of the puzzle. Here’s what we’ll achieve: This article has been…

Read more →

Docker images play a pivotal role in containerized application deployment. They encapsulate your application and its dependencies, ensuring consistent and efficient deployment across various environments. However, security is a paramount concern when working with Docker images. In this guide, we…

Read more →

Web applications have become deeply integrated into business operations and everyday life. However, this reliance also introduces major security risks if applications are not properly coded and configured. Implementing secure coding practices is, therefore, essential for any web application. Not…

Read more →

In today’s world, where everything is connected to the internet, cybersecurity is more significant than ever. Cyberattacks can cause serious damage to individuals, businesses, and governments by stealing data, disrupting services, or compromising systems. To prevent these attacks, we must…

Read more →

A couple of months ago, I stumbled upon this list of 16 practices to secure your API: Authentication: Verifies the identity of users accessing APIs. Authorization: Determines permissions of authenticated users. Data redaction: Obscures sensitive data for protection. Encryption: Encodes data…

Read more →

AI is rapidly changing the way that people develop and build their own apps, automation, and copilots, helping enterprises improve efficiency and outputs without further straining IT and the help desk. While this is leveling the playing field for software…

Read more →

Who doesn’t want to be treated as a safe, trustworthy, and reliable business? It’s hard to find anybody in the IT or cybersecurity area who would say that they don’t. That is the reason why everybody who works with data…

Read more →

With a rapidly increasing reliance on online networks, cloud computing, and online data storage, companies must strengthen their cybersecurity procedures. As the cyber terrain grows, so does the onslaught of cyber threats that put companies at risk of data breaches,…

Read more →

DevSecOps, short for Development, Security, and Operations, is an approach to software development that integrates security practices into the DevOps (Development and Operations) process. The main goal of DevSecOps is to ensure that security is an integral part of the…

Read more →

In this article, we’ll talk about fine-grained access control in DB2 – hiding data that is, in fact, present in the database, but should not be accessible to certain users. Fine-grained access control is usually done in the database itself…

Read more →

Cybersecurity threats are acts performed by people with hurtful expectations, whose objective is to take information, do harm or disrupt computing systems. Normal classes of cyber threats include malware, social engineering, man-in-the-middle (MitM) attacks, denial of service (DoS), and injection…

Read more →

< div> In the fast-paced digital landscape, where connectivity is paramount, the need for robust cybersecurity measures in networking has never been more critical. This article delves into the latest trends and best practices in cybersecurity, aiming to provide insights…

Read more →

I started research for an article on how to add a honeytrap to a GitHub repo. The idea behind a honeypot weakness is that a hacker will follow through on it and make his/her presence known in the process.  My…

Read more →

The rapid advancement of artificial intelligence (AI) in cybersecurity has been widely celebrated as a technological triumph. However, it’s time to confront a less discussed but critical aspect: Is AI becoming more of a liability than an asset in our…

Read more →

In the rapidly evolving world of blockchain technology, building decentralized applications (dApps) presents a unique opportunity for developers to explore the potential of Ethereum and smart contracts. This article aims to guide you through the process of creating a simple…

Read more →

The NIST AI RMF (National Institute of Standards and Technology Artificial Intelligence Risk Management Framework) provides a structured framework for identifying, assessing, and mitigating risks associated with artificial intelligence technologies, addressing complex challenges such as algorithmic bias, data privacy, and…

Read more →

Cloud services have transformed organizational approaches to security, presenting a range of tools and features to strengthen defenses against evolving threats. This study examines the multifaceted involvement of cloud service providers in enhancing security through Anti-CSRF tokenization and the establishment…

Read more →

Have you ever wondered what gives the cloud an edge over legacy technologies? When answering that question, the obvious but often overlooked aspect is the seamless integration of disparate systems, applications, and data sources. That’s where Integration Platform as a…

Read more →

SIEM solutions didn’t work perfectly well when they were first introduced in the early 2000s, partly because of their architecture and functionality at the time but also due to the faults in the data and data sources that were fed…

Read more →

Setting up robust network security in Kubernetes is a challenge that demands both precision and adaptability. NetworkPolicy offers the potential for highly specific network configurations, enabling or blocking traffic based on a comprehensive set of criteria. However, the dynamic nature…

Read more →

In the last few years, many organizations from various industries, including retail, media, healthcare, automotive, finance, aviation, real estate, etc., have been affected by security incidents or data breaches. Q2 2023 saw 2.6 times more data breaches than Q1 2023.…

Read more →

Any organization with interconnected systems must prioritize integration security in order to safeguard sensitive business and customer information. But with so many options for securing integrations, picking the right combination of features and protocols could make or break your security.…

Read more →

The era of digital transformation has ushered in a new dimension of data management challenges, with businesses of all sizes grappling with how to safeguard their critical data assets. Amid this backdrop, hybrid cloud backup has emerged as a pivotal…

Read more →

Security is an important aspect of any software application. Often, it is the least priority and is overlooked while designing a system. The main focus is emphasized on functional and non-functional requirements to design our system for end users. However,…

Read more →

How Secure Cloud Development Addresses the Challenge of Working Securely With Remote Teams The landscape of software development is constantly changing, and secure Cloud Development Environments (CDEs) have brought about a remarkable transformation in secure project management and execution when…

Read more →

Kubernetes is a robust container orchestration technology that is extensively used for containerized application deployment, scaling, and management. While Kubernetes provides a number of capabilities for protecting containerized workloads, it is critical to understand and handle numerous security aspects in…

Read more →

Amazon Web Services (AWS) Relational Database Service (RDS) simplifies the setup, operation, and scaling of a relational database in the cloud. It provides cost-efficient and resizable capacity while automating time-consuming administration tasks such as hardware provisioning, database setup, patching, and…

Read more →

IoT has ushered in an era of unprecedented connectivity and data collection. IoT edge devices, ranging from sensors to industrial machines, have become integral to various industries, offering insights, automation, and efficiency. However, managing a large number of these edge…

Read more →

In this tutorial, we’ll learn how to build a website for collecting digital collectibles (or NFTs) on the blockchain Flow. We’ll use the smart contract language Cadence along with React to make it all happen. We’ll also learn about Flow,…

Read more →

Data, often referred to as the lifeblood of modern businesses, enables organizations to embrace innovations that further enhance productivity. However, harnessing this power comes with great risks. Increasing reliance on data being collected comes with the challenges of safeguarding this…

Read more →

Many government bodies have historically been averse to open-source software (OSS). Now that OSS has gained popularity and shown what it can do in the private sector, that’s changing. The open-source movement holds significant potential for public agencies, too, especially…

Read more →

In the digital age, the security landscape is continually evolving, with malicious actors developing and deploying a variety of sophisticated malware to exploit systems, steal data, and disrupt operations. Understanding the diverse array of malware types is crucial for individuals,…

Read more →

Year by year, artificial intelligence evolves and becomes more efficient for solving everyday human tasks. But at the same time, it increases the possibility of personal information misuse, reaching unprecedented levels of power and speed in analyzing and spreading individuals’…

Read more →

In the paradigm of zero trust architecture, Privileged Access Management (PAM) is emerging as a key component in a cybersecurity strategy, designed to control and monitor privileged access within an organization. This article delves into the pivotal role of PAM…

Read more →

The Open Worldwide Application Security Project is an online community that produces freely available articles, methodologies, documentation, tools, and technologies in the fields of IoT, system software and web application security. The OWASP provides free and open resources. It is…

Read more →

The term ‘security posture” is used to describe the state of an organization’s overall security and response readiness. Multiple solutions are emerging that aggregate findings to provide a holistic view of enterprise security risks. Security posture can also be seen…

Read more →

In this blog, I would like to share a few best practices for creating highly secure applications in Mule 4 (security at various levels/layers — application, data, etc.) for all deployment options. Most of the configuration details (relevant to security)…

Read more →

The continuous upgrades in the landscape of web development are empowering software developers every day with all the leverage they need to enhance performance, improve efficiency, and create richer user experiences across various domains. Enter WebAssembly (Wasm), a game-changing technology…

Read more →

Data security and privacy are one of the top priorities for organizations and their clients in the current digital era. Industry standards and regulatory frameworks have been developed to make sure that businesses manage sensitive data appropriately. The SOC (System…

Read more →

This article underscores the vital role of data in the creation of applications that deliver precise outputs aligned with business requirements. To architect and cultivate an application that yields precise outputs in alignment with business requirements, paramount emphasis must be…

Read more →

Composability in blockchains refers to a framework that permits the interaction and interconnection of discrete elements, especially smart contracts. This kind of modular ecosystem is important as it helps programmers utilize existing components to build advanced systems very quickly. In…

Read more →

In today’s digital age, data is the lifeblood of small and medium-sized businesses (SMBs). Whether it’s customer records, financial data, or intellectual property, the loss of critical information can be disastrous. To safeguard against such potential disasters, SMBs must invest…

Read more →

What Is Patch Management? Patch management is a proactive approach to mitigate already-identified security gaps in software. Most of the time, these patches are provided by third-party vendors to proactively close the security gaps and secure the platform, for example.…

Read more →

User experience stands at the forefront of technological advancements in the rapidly evolving modern business landscape.  Admit it; if your platform isn’t offering a seamless experience to your targeted audience and you fail to create an impression when a user…

Read more →

The evolution of web application deployment demands efficient canary release strategies. In the realm of canary releases, various solutions exist. Traditional “big bang” deployments for web applications pose significant risks, hindering rapid innovation and introducing potential disruption. Canary deployments offer…

Read more →

Remote Developers Are Part of the Liquid Workforce The concept of a liquid workforce (see Forbes, Banco Santander, etc.) is mostly about this: A part of the workforce is not permanent and can be adapted to dynamic market conditions. In…

Read more →

Data lineage is the tracking and visualization of the flow and transformation of data as it moves through various stages of a data pipeline or system. In simpler terms, it provides a detailed record of the origins, movements, transformations, and…

Read more →

At the moment, there is a constantly increasing number of smart video cameras collecting and streaming video throughout the world. Of course, many of those cameras are used for security.  In fact, the global video surveillance market is expected to…

Read more →