Category: DZone Security Zone

In a rapidly changing business environment, data backup strategies for small and large organizations have evolved beyond traditional methods. Data ecosystems’ growing complexity and potential risks highlight the need for comprehensive data backup and recovery strategies. Many organizations experience data…

Read more →

Cloud computing has been a major trend for a decade. In 2015, it saw triple-digit annual growth. Although by the end of 2019, the largest cloud providers grew at a slower rate, just 31% annually, and this rate was expected…

Read more →

In this post, you discover where Platform Engineering fits into your broader software delivery process. You see how Platform Engineering works with a DevOps process and why both DevOps and Platform Engineering can help your organization attain high performance. The…

Read more →

Amazon Web Services (AWS) provides extensive cloud computing services. These services equip businesses with the flexibility, scalability, and reliability necessary for their operations. Security becomes a paramount concern as organizations shift their activities to the cloud. The AWS Identity and…

Read more →

We’re all getting used to life after the immense global crisis caused by COVID-19. One thing is clear – our world, especially when it comes to computers and technology, will never be the same. I’ve worked in cybersecurity for twenty…

Read more →

It is also known as web app pen-testing or security testing, which is an organized evaluation of a web application’s security to identify exposure and debility that could be exploited by malicious performers. The main goal of penetration testing is…

Read more →

Blockchain has the potential to revolutionize the way we interact with the digital world. It promises security, transparency, and decentralization. However, for most people, getting started with blockchain can be confusing and intimidating. The need to manage private keys and…

Read more →

To propose an implementation, we will present a use case that allows us to define the requirements. We will describe the functional and technical context in which we will operate and then specify the requirements. Based on these requirements, we…

Read more →

Most of the examples Apple provides to demonstrate Dependency Injection in SwiftUI use @Environment. When creating a new project with SwiftData in XCode, you’ll notice that the template uses Environment for injecting the modelContext. Swift   struct ContentView: View {…

Read more →

When starting a new web3 project, it’s important to make the right choices about the blockchain and smart contract language. These choices can significantly impact the overall success of your project as well as your success as a developer.  In…

Read more →

While ushering in an era of unparalleled connectivity, the digital revolution has also opened the floodgates to a plethora of security challenges. As cybercriminals employ increasingly sophisticated methods, the traditional bastions of digital security, such as alphanumeric passwords, are proving…

Read more →

Rate limiting is the concept of controlling the amount of traffic being sent to a resource. How can you achieve this control? By means of a rate limiter – a component that lets you control the rate of network traffic…

Read more →

Generative AI (GenAI) is transforming businesses in nearly every industry, and cybersecurity is no exception. As a $30 billion global IT services firm, NTT Data is on the leading edge of harnessing generative AI while managing the risks. I recently…

Read more →

The Modbus protocol is a communication protocol that allows devices to communicate over various types of media, such as serial lines and ethernet. It was developed in 1979 by Modicon, a company that produced Programmable Logic Controllers (PLCs), to enable…

Read more →

Organizations today are constantly seeking ways to deliver high-quality applications faster without compromising security. The integration of security practices into the development process has given rise to the concept of DevSecOps—a methodology that prioritizes security from the very beginning rather…

Read more →

Since the inception of the internet, cyber security has been one of the prime points to ponder. Protecting computers, mobile devices, electronic systems, servers, networks, and data from nefarious attacks from cyber miscreants. Today, AI has become the epicenter of…

Read more →

This is an article from DZone’s 2023 Database Systems Trend Report. For more: Read the Report In today’s rapidly evolving digital landscape, businesses across the globe are embracing cloud computing to streamline operations, reduce costs, and drive innovation. At the…

Read more →

In this blog series, We will learn about encryption and decryption basics in a very casual fashion. We will start discussing from origin of cryptography and then learn about modern techniques. One of the important and main techs in encryption…

Read more →

Background of Multitenancy  DevOps and solution architects often implement RBAC and multitenancy in their Kubernetes infrastructure to achieve isolation of workspace and allow authorized persons to access resources with least privilege resources.  The implementation of RBAC and multitenancy can be…

Read more →

As we stand at the precipice of an increasingly digitized world, the challenges of emerging cyber threats are becoming more complex. With 20 years of experience as a cybersecurity professional, I have seen this evolution firsthand. The need for skilled…

Read more →

Authentication is undoubtedly one of the first encounters of a user when they land on your platform. Friction in the overall authentication process could be the reason for your users to switch to your competitors.  A smooth authentication is the…

Read more →

This is an article from DZone’s 2023 Database Systems Trend Report. For more: Read the Report Good database design is essential to ensure data accuracy, consistency, and integrity and that databases are efficient, reliable, and easy to use. The design…

Read more →

IoT manufacturers in every region have a host of data privacy standards and laws to comply with — and Europe is now adding one more. The Cyber Resilience Act, or CRA, has some aspects that are simply common sense and…

Read more →

Austin, Texas, is a city filled with music, vibrant nightlife, and some legendary BBQ. It is also one of the great tech hubs of the southern United States, home to a wide variety of tech innovators like Indeed, SolarWinds, and…

Read more →

In today’s highly competitive business landscape, staying ahead of the curve often means leveraging the expertise and resources available around the globe. Offshore software development has emerged as a strategic approach for companies looking to optimize their software development processes…

Read more →

As the digital age progresses, we find ourselves amidst numerous ways of transmitting and storing information. From the smart devices that indwell our homes to the advanced artificial intelligence systems powering industries, the intertwining of technology with our daily lives…

Read more →

Almost every organization has implemented CI/CD processes to accelerate software delivery. However, with this increased speed, a new security challenge has emerged. Deployment speed is one thing, but without proper software checks, developers may inadvertently introduce security vulnerabilities, leading to…

Read more →

Generative AI is enabling software developers to create more code much faster than before. For software quality test engineers entrusted with assuring that applications get released on time and without bugs, GenAI presents both a challenge and a solution for…

Read more →

In the realm of software development, Continuous Integration and Continuous Deployment (CI/CD) pipelines have become integral. They streamline the development process, automate repetitive tasks, and enable teams to release software quickly and reliably. But while CI/CD pipelines are a marvel…

Read more →

In today’s interconnected world, computer networks have become the backbone of modern communication and information exchange. They enable the seamless transmission of data, facilitate collaboration, and connect individuals and devices across the globe.  This article delves into the evolution, components,…

Read more →

In the dynamic landscape of the digital era, the significance of SaaS (Software as a Service) has escalated exponentially. As we venture into 2023, the emphasis on SaaS compliance has become a focal point for businesses globally. In this comprehensive…

Read more →

Secure software development is crucial to safeguarding sensitive data and protecting against cyber threats. Learning the ins and outs of the Secure Software Development Lifecycle (SDLC) is a fundamental step for anyone aspiring to become a proficient software developer. In…

Read more →

A recent panel discussion at Black Hat 2023, Generative AI: Security Friend or Foe?, provided insights into how generative AI models like ChatGPT could impact security teams. Kelly Jackson, Editor-in-Chief of Dark Reading, moderated the roundtable with cybersecurity leaders Josh…

Read more →

For many years, the idea of liability for defects in software code fell into a gray area. You can find debate about the topic going back and forth since at least the early 1990s. Throughout, software developers argued that they shouldn’t…

Read more →

The need for speed, agility, and security is paramount in the rapidly evolving landscape of software development and IT operations. DevOps, focusing on collaboration and automation, has revolutionized the industry. However, in an era where digital threats are becoming increasingly…

Read more →

In today’s digital age, the backbone of any organization’s IT infrastructure is its Active Directory (AD). This centralized directory service manages authentication and authorization, making it critical for safeguarding sensitive data and maintaining system integrity. However, as the technological landscape…

Read more →

In August, Dell disclosed vulnerability CVE-2023-39250 where “A local low-privileged malicious user could potentially exploit this vulnerability to retrieve an encryption key that could aid in further attacks.” This actively affects Dell Storage Integration Tools for VMware (DSITV) customers. Learn…

Read more →

Business source licensing (BSL) has recently emerged as an alternative software licensing model that aims to blend the benefits of both open-source and proprietary licensing. For developers and IT professionals evaluating solutions, understanding what BSL is and its implications can…

Read more →

The ever-evolving cybersecurity landscape presents growing challenges in defending against sophisticated cyber threats. Managing security in today’s complex, hybrid/multi-cloud architecture compounds these challenges. This article explores the importance of demonstrating cybersecurity effectiveness and the role of Breach and Attack Simulation…

Read more →

In our contemporary cybersecurity landscape, sneaky custom content threats are beginning to penetrate our email security policies and firewalls/virus-scanning network proxies with greater consistency. Aptly disguised files can easily wind their way into our inboxes and our most sensitive file…

Read more →

Learn how to record SSH sessions on a Red Hat Enterprise Linux VSI in a Private VPC network using in-built packages. The VPC private network is provisioned through Terraform and the RHEL packages are installed using Ansible automation. What Is…

Read more →

Implementing a zero-trust framework is essential to any website’s security — everything must be verified and authenticated. It ensures data integrity and prioritizes safety for everyone involved, especially the users. The Relationship Between UX and Security Prioritizing security and nothing…

Read more →

To patch the Exchange Servers against known threats and fix bugs and vulnerabilities, Microsoft releases Cumulative and Security updates on a regular basis. These updates also provide new features, security patches, and various other fixes. Usually, the installation of these…

Read more →

As the cybersecurity landscape continues to evolve, the challenges associated with defending against cyber threats have grown exponentially. Threat vectors have expanded, and cyber attackers now employ increasingly sophisticated tools and methods. Moreover, the complexity of managing security in today’s…

Read more →

In the constantly shifting realm of cybersecurity, remaining ahead of emerging threats is no longer merely an aspiration but an imperative. With cyber adversaries continuously enhancing their skills and tenacity, businesses are progressively embracing cutting-edge technologies and inventive tactics to…

Read more →

“Mobile is becoming not only the new digital hub but also the bridge to the physical world.”– Thomas Husson, VP and Principal Analyst at Forrester Research Mobile devices have become an inevitable part of organizations’ strategies to do more with…

Read more →

September marks National Insider Threat Awareness Month (NITAM), an annual campaign dedicated to shedding light on the risks posed by trusted insiders. Whether employees, contractors, partners, or collaborators, these authorized individuals have the potential to intentionally or accidentally cause significant…

Read more →

In today’s increasingly digital world, securing your applications has become paramount. As developers, we must ensure that our applications are protected from unauthorized access and malicious attacks. One popular solution for securing Java applications is Spring Security, a comprehensive and…

Read more →

Privacy by Design (PbD) is an approach to systems engineering that aims to embed privacy into every stage of the development process and across the entire organization from day one. Privacy is too often overlooked or solely an afterthought. Policies…

Read more →

On August 21, 2023, security researcher and HackerOne Advisory Board Member Corben Leo announced on social media that he had “hacked a car company” and went on to post a thread explaining how he “gained access to hundreds of their codebases.”…

Read more →

Emerging technologies are unlocking new possibilities for gathering and leveraging data from personal devices to provide highly customized and contextualized user experiences. As Dr. Poppy Crum, CTO, and neuroscientist, highlighted in her Technology and Human Evolution presentation at TIBCO Next,…

Read more →

As businesses shift operations to the cloud, robust security is crucial. DDoS attacks pose significant threats to cloud-based services, aiming to disrupt infrastructure and cause downtime and financial losses. AWS Shield from Amazon Web Services provides comprehensive DDoS protection, fortifying…

Read more →

Developing secure APIs is crucial, but testing them thoroughly can be time-consuming and difficult without the right tools. A new offering called CodeSec from application security provider Contrast Security aims to make robust API security testing quick, accurate, and accessible…

Read more →

Gradle version catalogs allow us to add and maintain dependencies in an easy and scalable way. Apps grow, and managing projects with several development teams increases the compilation time. One potential solution to address this issue involves segmenting the project…

Read more →

When choosing a user authentication method for your application, you usually have several options: develop your own system for identification, authentication, and authorization, or use a ready-made solution. A ready-made solution means that the user already has an account on…

Read more →

In today’s digitally interconnected world, software plays an integral role in our daily lives. From online banking and e-commerce to healthcare and transportation, software applications are at the heart of our technological infrastructure. However, with the increasing reliance on software,…

Read more →

Enterprise security teams have had since 2015 to familiarize themselves with GraphQL API security. But many — if not most — still haven’t captured the security nuances of the popular open-source query language. Simply understanding GraphQL’s processes and vulnerable attack…

Read more →

At Black Hat 2023, Kemba Walden, Acting National Cyber Director at the White House, outlined a new national cybersecurity strategy aimed at strengthening defenses through workforce development and technology initiatives. For developers and technology professionals, this strategy has major implications,…

Read more →

In the constant struggle between security and agility, developers often draw the short straw. Tasked with rapidly building and deploying code, engineers get bogged down handling security incidents or remediating vulnerabilities. The friction between creating quickly and creating securely slows…

Read more →

Agile software development has transformed how software is created and delivered. It fosters collaboration, flexibility, and quick development cycles, making it appealing to many teams. However, Agile’s numerous advantages come with specific cybersecurity risks that developers must address. In this…

Read more →

In today’s interconnected society, the Internet of Things (IoT) has seamlessly integrated itself into our daily lives. From smart homes to industrial automation, the number of IoT devices continues to grow exponentially. However, along with these advancements comes the need…

Read more →

On July 11, 2023, Microsoft released details of a coordinated attack from threat actors, identified as Storm-0558. This state-sponsored espionage group infiltrated email systems in an effort to collect information from targets such as the U.S. State and Commerce Departments.…

Read more →

Tokens are essential for secure digital access, but what if you need to revoke them? Despite our best efforts, there are times when tokens can be compromised. This may occur due to coding errors, accidental logging, zero-day vulnerabilities, and other…

Read more →

Identity and access management (IAM) is fundamental to modern cybersecurity and operational efficiency. It allows organizations to secure their data, comply with regulations, improve user productivity, and build a strong foundation for trustworthy and successful business operations. A robust IAM…

Read more →

In today’s interconnected global marketplace, secure data transmission is more crucial than ever. As digital platforms become increasingly important for financial transactions and personal communications, ensuring the integrity and confidentiality of data is vital. If someone gets unauthorized access to…

Read more →

In the face of ever-changing threats and complex infrastructures, the zero-trust architecture represents an important transformation in our understanding and implementation of security. This innovative approach promises not only increased protection but also increased adaptability and efficiency in infrastructure management.…

Read more →

In today’s digital landscape, data privacy and accurate analytics are paramount for businesses striving to make informed decisions. Google Analytics 4 (GA4) brings a new dimension to data privacy and tracking methods, including cookie-less tracking and server-side tracking.  Growing worries…

Read more →

Code scanning for vulnerability detection for exposure of security-sensitive parameters is a crucial practice in MuleSoft API development.  Code scanning involves the systematic analysis of MuleSoft source code to identify vulnerabilities. These vulnerabilities could range from hardcoded secure parameters like…

Read more →

MQTT is a lightweight messaging protocol commonly used in IoT (Internet of Things) applications to enable communication between devices. As a popular open-source MQTT broker, EMQX provides high scalability, reliability, and security for MQTT messaging. By using Terraform, a widespread…

Read more →

MQTT is a lightweight messaging protocol used in the Internet of Things (IoT) to enable communication between devices. As a popular open-source MQTT broker, EMQX provides high scalability, reliability, and security for MQTT messaging. By using Terraform, a widespread Infrastructure…

Read more →

Starters are an integral part of the Spring Boot application. In addition to dependency versioning, they provide the ability to describe the configuration for a particular functionality. They gained their popularity due to the development of microservice architecture. When we…

Read more →

SaaS applications and services are at the core of today’s businesses, and a quick glance at the market indicates that this trend isn’t going to stop anytime soon. Gartner forecasts that SaaS spending will reach $197 billion in 2023, up…

Read more →

The Microsoft OpenXML files we use on a day-to-day basis are conveniently designed to be accessed and manipulated programmatically. We can jump into any OpenXML file structure in a variety of capacities (usually via specialized programming libraries or APIs) to…

Read more →

Previous Articles Volume 1 Volume 2 Volume 3 Volume 4 Volume 5 Volume 6 Volume 7 Volume 8 Volume 9 Volume 10 Volume 11 Volume 12 Topics Topic 1: Diagnose certificate-based authentication Topic 2: Differences between cockroach and psql clients…

Read more →

Since most security administrators have little insight into cloud-to-cloud connections, monitoring and protecting data throughout these communications is challenging. This article will examine the issue and potential remedies.  What Exactly Is a ‘Plug-In’ in a SaaS System? A plug-in SaaS…

Read more →

Over the past several years, Zero Trust Architecture (ZTA) has gained increased interest from the global information security community. Over the years, several organizations have adopted Zero Trust Architecture (ZTA) and experienced considerable security improvements. One such example is Google,…

Read more →

As the global community grapples with the urgent challenges of climate change, the role of technology and software becomes increasingly pivotal in the quest for sustainability. There exist optimization approaches at multiple levels that can help: Algorithmic efficiency: Algorithms that…

Read more →

In the rapidly evolving landscape of healthcare, Artificial Intelligence (AI) has emerged as a transformative force, promising to reshape the industry with its potential to improve diagnostics, personalize patient care, and streamline administrative tasks. AI Chatbots, like the UK-based Babylon…

Read more →

Are you looking to develop dynamic and secure web applications? If so, then C# (pronounced as “C sharp”) is a powerful programming language that can meet your requirements.  C# is widely used in web development due to its versatility, performance,…

Read more →

Data migration can be challenging due to the need to merge data from multiple sources into one consolidated new system, which can be both risky and time-consuming.  These issues can arise due to a lack of proper planning, inadequate migration…

Read more →

The failure to provide adequate security for software releases and delivery is becoming costlier day by day, and the impact is enormous: business disruption, lost sales, damaged reputations, frustrated users, and more. Security breaches can happen within any stage of…

Read more →

In this 15-minute lightning talk, Diptesh “Dips” Mishra, CTO for Shoal (a Standard Chartered Venture) talks about the governance challenges that financial services organizations face when they look to adopt DevSecOps. Dips has worked for Nationwide, Lloyds Banking Group, and…

Read more →

When enterprises select a SaaS provider for mission-critical applications, they are placing a bet on that product and vendor. Smart customers understand that they must minimize risks to their security and their business. Not surprisingly, many CISOs and security organizations…

Read more →

Istio’s virtual services and destination rules help DevOps engineers and cloud architects apply granular routing rules and direct traffic around the mesh. Besides, they provide features to ensure and test network resiliency so that applications operate reliably. In this article,…

Read more →