Category: DZone Security Zone

Single sign-on is a feature that allows users to access more than one application with the same credentials. This article shows how we can configure SSO using the WSO2 Identity Server. There is a cab company called Pickup that has…

Read more →

It’s a common belief among AWS users that Northern Virginia, also known as US East or N. Virginia (US-East-1), is the region with the least reliability when it comes to uptime. To verify this, we analyzed the AWS outage history…

Read more →

Maria Markstedter, founder of Azeria Labs and security researcher specialized in mobile and IoT security, was the opening keynote at BlackHat 2023 — Guardians of the AI Era: Navigating the Cybersecurity Landscape of Tomorrow. Markstedter provided an enlightening look at…

Read more →

HTTP headers are essential elements in the communication between clients (e.g., web browsers) and servers on the internet. They contain metadata, which is additional information about the client or the request being made. These headers allow clients and servers to…

Read more →

In the world of modern software development, meticulous monitoring and robust debugging are paramount. With the rise of reactive programming paradigms, Spring WebFlux has emerged as a powerful framework for building reactive, scalable, and highly performant applications. However, as complexity…

Read more →

In this post, we will learn about the steps involved in the process of configuring an HTTPS endpoint with one-way SSL for a Mule Application. Securing communication between clients and servers is essential in today’s digital world, and using HTTPS…

Read more →

The software supply chain has emerged as a prime target for cyberattacks in recent years, as evidenced by major incidents like SolarWinds and Log4Shell. To understand how IT teams can get ahead of supply chain threats, I spoke with two…

Read more →

Android app modularization refers to the process of breaking down an Android app into smaller, independent modules. These modules can be thought of as building blocks that can be combined to form the complete app. Each module is typically responsible…

Read more →

Privileged access management (PAM) is critical for securing sensitive systems and data, especially with remote work’s expanded attack surface. However, recent research by Keeper Security reveals significant barriers still inhibit broad PAM adoption. Cost and complexity top the list of…

Read more →

Our ever-increasing reliance on technology has made software security more crucial than ever. Business owners and individuals use software every day, and that isn’t changing any time soon.  Developers are responsible for creating software that can stand up against a…

Read more →

Time and again, we encounter stark reminders that every piece of software, no matter how widespread its use or how thoroughly it is reviewed, has the potential to harbor security vulnerabilities. A recent case in point is a security flaw…

Read more →

Everywhere you turn, data security is a major challenge for several organizations. This makes it difficult to ensure that data is reliable and accurate for use. This is why organizations must now take data preservation more seriously than they ever…

Read more →

APIs are the digital fabric connecting companies, partners, and customers. But increased reliance on APIs also introduces new security risks. I recently spoke with Michelle McLean, VP of Marketing at API security provider Salt Security during Black Hat 2023 about…

Read more →

We all know that data is being generated at an unprecedented rate. You may also know that this has led to an increase in the demand for efficient and secure data storage solutions that won’t break the bank. Edge data…

Read more →

In this article, we will discuss JWT Authentication in Angular 14 step-by-step. If you want to learn the basics and details of the JWT Token, then check out this article.  This article has been indexed from DZone Security Zone Read…

Read more →

In the rapidly evolving world of technology, software applications have become the backbone of modern society. From mobile apps that streamline our daily tasks to web-based platforms that connect us globally, these applications rely on seamless communication and data exchange.…

Read more →

Security and governance are two major blockers that either stop or delay the cloud journey of various customers. In this era of the digital world, almost everyone has shown their concerns about the security of their data. Some are concerned…

Read more →

A recent interview with Island’s founding team member Brian Kenyon at Black Hat 2023 sheds light on how the enterprise browser is poised to become a powerful platform for secure remote work. Island offers a version of the Chromium open-source…

Read more →

One of the most widely held misconceptions is that authorization and authentication are the same, or something your identity provider does. It also doesn’t help that certain authentication vendors blur the line by offering their versions of access controls. But,…

Read more →

A secret is any piece of information that you want to keep confidential, such as API keys, passwords, certificates, and SSH keys. Secret Manager systems store your secrets in a secure, encrypted format, and provide you with a simple, secure…

Read more →

As an average user, choosing the right software can be a challenge. However, how you deploy the software can make a significant difference in its effectiveness. The process of deploying software involves making a tool ready for use in a…

Read more →

Istio service mesh helps DevOps engineers and architects manage the network and security of distributed applications without touching the application code. In a previous blog, we explained How to get started with Istio in Kubernetes in 5 steps, where Istio’s…

Read more →

In this article, we are going to discuss JWT Token authentication and implementation using .NET Core API 6. Before looking into this blog, visit my previous blog: Introduction and Details about JWT Token Authentication and Authorization, to understand the basics…

Read more →

The urgency of securing vulnerable software infrastructure is at the heart of an ambitious new DARPA program — the AI Cyber Challenge (AIxCC). Through competitions engaging top security talent, AIxCC aims to spur innovative tools that automatically detect and patch…

Read more →

Our previous articles of this series explored various methods to safeguard IoT devices from cyberattacks, including encryption, authentication, and security protocols. However, it is crucial to acknowledge that regular updates and maintenance are equally vital to ensure the ongoing security…

Read more →

Although they are often conflated with each other, Authentication and Authorization, represent two fundamentally different aspects of security that work together in order to protect sensitive information. In this blog, we will go over some of the key differences between…

Read more →

Richmond, Virginia, has a vibrant and storied history. While Edgar Allan Poe is more associated with Baltimore, he actually grew up in Richmond, home to the Edgar Allan Poe Museum. Richmond was also home to Maggie Lena Walker, the first…

Read more →

Enterprises nowadays are keen on adopting a microservices architecture, given its agility and flexibility. Containers and the rise of Kubernetes — the go-to container orchestration tool — made the transformation from monolith to microservices easier for them. However, a new…

Read more →

In this article, we are going to discuss JWT Token authentication and implementation using .NET Core API 6. Before looking into this blog, visit my previous blog: Introduction and Details about JWT Token Authentication and Authorization, to understand the basics…

Read more →

Cloud security is a top priority for several organizations right now; no doubt about that. However, many companies still find themselves grappling in the dark when it comes to implementing effective cloud security controls. This article addresses challenges businesses might…

Read more →

If there’s one thing nearly all contemporary, interactive client-side web applications have in common, it’s a reliance on dynamic user-facing text input fields. These fields play the all-important role of capturing plain text data from client-side browsers and sharing that…

Read more →

ESXi hosts are the backbone of virtualization, serving as the foundation for running virtual machines and managing critical workloads and as such, ensuring the security of ESXi hosts is paramount to protect the entire virtual infrastructure. As virtualization technology continues…

Read more →

To say that the RSA Conference is one of the largest cybersecurity conventions in the world would be an understatement. This year the event attracted 40,000 participants. Tens of thousands of individuals showed up to learn about the latest updates…

Read more →

Deception technology is a cybersecurity tactic that involves setting traps for potential intruders with fabricated versions of valuable assets. An organization’s security teams are alerted when cybercriminals are lured by this method.  This approach shortens the time required to detect…

Read more →

Data engineers discovered the benefits of conscious uncoupling around the same time as Gwyneth Paltrow and Chris Martin in 2014.  Of course, instead of life partners, engineers were starting to gleefully decouple storage and compute with emerging technologies like Snowflake…

Read more →

The rapid adoption of cloud computing is no coincidence. Small and medium-sized businesses (SMBs) businesses are now presented with the opportunity to break free from the constraints of traditional IT infrastructure and enjoy the numerous benefits the cloud has to…

Read more →

In an increasingly interconnected world, the need for robust cybersecurity infrastructure resilience is now more critical than ever. Cyberattacks pose significant threats to nations, businesses, and individuals alike, with potentially devastating consequences. It is in this context that we can…

Read more →

We discussed the fundamentals of EVM, the need for EVM compatibility, and the general benefits in part I of the EVM compatibility chronicles. Now, let’s delve into and explore the significance of EVM compatibility for Humanode, and gain insights directly from MOZGIII,…

Read more →

Kubernetes has made it easier to manage containerized microservices at scale. However, you get a limited set of security features with Kubernetes. A key component of application security is the prevention of unauthorized access. Standards-based identity and access management (IAM)…

Read more →

When I was a teenager, our local telephone company introduced a new service — the premium phone calls (AKA 1-900 numbers). The fun part was that we discovered a workaround to these charges by dialing the sequential local numbers, which…

Read more →

Modern software demands speed, security, and scale. Ultraviolet is meeting these needs through a developer-focused approach that multiplies productivity while reducing complexity. At BlackHat 2023, Ultraviolet CTO Jake Groth outlined how the company leverages microservices, “as code” methodologies, and developer-created…

Read more →

Web development is a pillar of contemporary commercial success in the digital world. How a website functions and appears directly influences user experience and, consequently, a company’s triumph in the competitive online realm. Web developers hold the keys to maximizing…

Read more →

In today’s fast-paced software development landscape, organizations need to provide their internal development teams with the tools and infrastructure necessary to excel. Internal developer platforms have emerged as a powerful solution that enables companies to streamline their software development processes…

Read more →

Dive deep into the DevOps world and explore the best practices that can help organizations achieve success in their release processes! Software development and operations have become increasingly intertwined in today’s fast-paced and technology-driven world. DevOps has emerged as a…

Read more →

Security continues to be one of the most important aspects of web3. As a developer, you should be securing your smart contracts by ensuring that testing — specifically a wide variety of testing — is integrated into your smart contract…

Read more →

When exposing an application to the outside world, consider a Reverse-Proxy or an API Gateway to protect it from attacks. Rate limiting comes to mind first, but it shouldn’t stop there. We can factor many features in the API Gateway…

Read more →

Infrastructure as Code (IaC) has emerged as a pivotal practice in modern software development, enabling teams to manage infrastructure resources efficiently and consistently through code. This analysis provides an overview of Infrastructure as Code and its significance in cloud computing…

Read more →

Increasing adoption of SaaS Applications and Web Based solutions created a demand for data and resource sharing. Cloud computing provides a combination of infrastructure, platforms, data storage, and software as services. It has replaced grid computing over the years and…

Read more →

Many companies strive to adopt the DevOps approach for software development and delivery. Alongside this, they face increasing security challenges, leading to the implementation of new innovative software development methods. The need for security in the software deployment process is…

Read more →

Cybersecurity threats are real, and with the enhanced proliferation of digitization in the business landscape today, websites have become an integral part of business communication with customers and partners. Therefore, companies look for new and secure ways to protect their…

Read more →

We all want to deliver quality experiences to our customers. Before we can ensure a quality experience for our customers, it is essential to establish a clear definition of quality specific to the product we are developing. Once established, embracing…

Read more →

In the video below, we will cover real-life considerations when working with dependencies in Java: How to find and trust the right dependencies How to consistently keep them updated How to protect against vulnerabilities How to handle team backlash against…

Read more →

A robust digital presence is essential in today’s business landscape. Web development evolves constantly with new frameworks and libraries for dynamic web applications. These platforms connect with your audience and boost business productivity. Embracing these advancements is vital for success…

Read more →

In recent years, cloud computing has emerged as a game-changer for businesses of all sizes. The ability to store and access data and applications over the internet has revolutionized the way companies operate, enabling them to be more agile, efficient,…

Read more →

Welcome to the world of Javascript development, where building, testing, and deploying applications can be complex and time-consuming. As developers, we strive to automate these tasks as much as possible, and that’s where npm scripts come in. npm scripts are…

Read more →

In today’s data-driven world, Customer Data Platforms (CDPs) play a pivotal role in helping businesses harness and utilize customer data effectively.   These platforms consolidate data from various sources, providing valuable insights into customer behavior and preferences. They enable businesses to comprehensively understand their customers, facilitating targeted marketing…

Read more →

Consistently in the top rankings of the TIOBE index for the past two decades, and with a current TIOBE ranking of 4, Java has proved to be one of the most popular programming languages even after more than 25 years…

Read more →

In today’s constantly evolving digital landscape, staying ahead of the competition requires organizations to innovate continuously. Additionally, delivering high-quality software at an accelerated pace has become essential. This is where DevOps comes into play. DevOps, short for Development and Operations,…

Read more →

Software supply chain security is a threat area that was popularized by SolarWinds and Log4j. For the first time there was widespread awareness of how exploiting popular software artifacts (libraries, frameworks, etc.) can give hackers entry, where they can then…

Read more →

Platform teams are an integral part of an IT solution delivery organization.  Every IT organization has a way of structuring its platform team based on its context and multiple considerations, including alignment with the Development or Operations of other units,…

Read more →

With the ever-increasing amount and variety of data, constantly growing regulations and legislation requirements, new capabilities and techniques to process the data, to become a data-driven organization, CIBC goes through enormous changes in all aspects of leveraging, managing, and governing…

Read more →

On March 20th, 2023, OpenAI took down the popular generative AI tool ChatGPT for a few hours. It later admitted that the reason for the outage was a software supply chain vulnerability that originated in the open-source in-memory data store…

Read more →

The universe of web improvement has gone through a beautiful development since its initial days during the commencement of the web. The method involved with creating and overseeing sites and online applications has gone through astounding progressions, molding the computerized…

Read more →

There have been major advances made in the use of machine learning models in a variety of domains, including natural language processing, generative AI, and autonomous systems, to name just a few. On the other hand, as the complexity and…

Read more →

Choosing the right data solution for your business can be a challenging process because there’s a wide selection of them, and even the same data can be processed and packaged differently. I’m here to help you understand when you should…

Read more →

As businesses aim to provide personalized experiences to their customers, they are increasingly integrating connected IoT devices into their operations. However, as the IoT ecosystem expands, protecting data from malicious individuals who may try to access and misuse personal information…

Read more →

OpenTelemetry (OTel) is an open-source standard used in the collection, instrumentation, and export of telemetry data from distributed systems. As a framework widely adopted by SRE teams and security teams, OTel is more than just one nice-to-have tool among many;…

Read more →

Nowadays, most people take it as a fact that the software we use daily is secure, and that is not really representative of the reality we live in in the software industry. A lot of the software on the market…

Read more →

Running tests is the necessary evil. I have never heard two or more engineers at the water cooler talking about the joys of test execution. Don’t get me wrong, tests are great; you should definitely have plenty of them in…

Read more →

With the COVID-19 outbreak, the e-commerce industry experienced significant growth, as the demand for online sales increased exponentially. With the decrease in live sales, multiple organizations, which ignored the online world or just hadn’t prioritized this marketing and sales channel…

Read more →

In the dynamic environment of software development, effective management of dependencies between pull requests (PRs) is pivotal to enabling smooth collaboration and seamless code integration.  But let’s face it, juggling dependencies manually can be a real challenge! This article has…

Read more →

If you work in software development, or indeed within any sector of the technology industry, you will have undoubtedly been part of discussions about, read headlines on, or even trialed a platform for generative artificial intelligence (AI). Put simply, this…

Read more →

The hype around blockchain technologies may have quieted, but the builders are still building. The toughest technical problems that kept blockchain from mass adoption over the past few years—slow and expensive transactions—are being solved by layer 2s. zkEVMs, and Linea…

Read more →

If we look at the banking market (7.5 trillion euro in 2022) and insurance ($5.6 trillion in 2022) applications, we will find it very regulative. Responsibility to act with personal data securely leads many companies to have a private cloud…

Read more →

Understanding the Need for Enhanced Security and Compliance In today’s digital world, data security, and privacy have become top priorities for businesses. With the increasing threat of cyberattacks and data breaches, it’s no longer enough to rely on traditional security…

Read more →

Amidst the rapid advancements in the utility and energy industry, where demands continually escalate, the role of IT operations has grown significantly, requiring enhanced capabilities to ensure seamless operations. The global IT operations and service management market is expected to…

Read more →

This article delves into additional authentication methods beyond those covered in previous articles. Specifically, we will explore token-based authentication and OAuth 2.0, explaining their concepts and demonstrating their implementation in MQTT. This article has been indexed from DZone Security Zone…

Read more →

Introduction to Biometrics Biometrics measures and analyses an individual’s physical and behavioral characteristics. It is a technology used for proper identification and access control of people under surveillance. The theory of biometric authentication is that everybody can be accurately identified…

Read more →

The importance of secure web applications can never be overstated. Protecting sensitive user data and making sure proper authentication is in place are essential whether you’re creating a straightforward blog or a sophisticated corporate solution. This is where the potent…

Read more →

In previous posts, we introduced that through the Username and Password fields in the MQTT CONNECT packet, we can implement some simple authentication, such as password authentication and token authentication. This article will delve into a more advanced authentication approach…

Read more →

I have already described how to secure a Spring Boot 2-based REST API with Keycloak here. Today, I would like to create a separate text with the same topic but for Spring Boot 3 — a newer, shiner version of…

Read more →

Veteran engineers likely remember the days of early software development, when software releases were delayed until they included all desired code complete features. This method resulted in extremely long wait times for users, not to mention security concerns and errors…

Read more →

In today’s world, databases are valuable repositories of sensitive information, and attackers are always on the lookout to target them. This has led to a rise in cybersecurity threats, making it essential to have proper protection measures in place. Oracle…

Read more →

The digital-first era has undoubtedly broadened the horizons of possibilities but has eventually increased the threat vector and created new vulnerabilities.  Whether we talk about phishing attacks or modern brute-force attacks where individuals’ identities are compromised, ignoring the importance of…

Read more →

Data Platform Evolution Initially, data warehouses served as first-generation platforms primarily focused on processing structured data. However, as the demand for analyzing large volumes of semi-structured and unstructured data grew, second-generation platforms shifted their attention toward leveraging data lakes. This resulted in…

Read more →

In previous articles, we explored authentication and access control mechanisms. Now it’s time to shine a light on the crucial role of Transport Layer Security (TLS) in fortifying MQTT communication. This article will focus specifically on TLS and its ability…

Read more →

Most folks managing or working within a DevOps organization are already familiar with the book “Accelerate” and DevOps Research and Assessment, commonly abbreviated as DORA, metrics. For those who are not familiar or just need a quick refresher, DORA metrics…

Read more →

Automated CI/CD (continuous integration/continuous delivery) pipelines are used to speed up development. It is awesome to have triggers or scheduling that take your code, merge it, build it, test it, and ship it automatically. However, having been built for speed…

Read more →

Secure code review is essential for ensuring software applications’ security and integrity. By examining the codebase for potential vulnerabilities and weaknesses, developers can identify and address security issues before malicious actors exploit them. This article will discuss some best practices…

Read more →

When we say DevOps, it quickly conjures up an image of a development and operations team that works together — collaboratively and communicatively. DevOps uses tools like automation, continuous integration, and monitoring. This way, the software development process picks up speed and…

Read more →

DevOps security is a set of practices that integrate security processes, people, and DevOps security tools into the development pipeline, enabling organizations to deliver software in a secure environment continuously. Whether you call it DevSecOps, network security, cyber security, DevOps and…

Read more →

Traditionally, security was often an afterthought in the software development process. The security measures were implemented late in the cycle or even after deployment. DevSecOps aims to shift security to the left. In DevSecOps, security is incorporated from the earliest…

Read more →

Amazon Web Services (AWS) provides a robust and scalable cloud computing platform that is widely adopted by organizations. However, with the increasing reliance on AWS services, ensuring proper security measures is crucial to protect sensitive data and maintain the integrity…

Read more →

Welcome back, developers and security enthusiasts! In the previous blog, “Implementing RESTful endpoints: a step-by-step guide,” we covered the essential foundations of API security, including authentication, authorization, and secure communication protocols. Now, it’s time to level up and delve into advanced…

Read more →

APIs are everywhere, and in most cases, we don’t give them much thought, even when using them multiple times a day. Whenever you log into a website using your Google or Facebook account, check the location of a new restaurant…

Read more →

AWS Vault is an open-source tool by 99Designs that enables developers to store AWS credentials in their machine keystore securely. After using it for a while at Jit, I decided to dig deeper into how it works and learned a…

Read more →

As the digital revolution reshapes government operations worldwide, Application Programming Interfaces (APIs) have emerged as a critical tool in driving digital transformation. Through APIs, governments can ensure smoother interoperability between various systems, facilitate data sharing, and innovate public services. Here,…

Read more →

The rise of cloud computing and SaaS (Software as a Service) has dramatically reshaped the digital landscape, offering companies numerous benefits like scalability, cost-efficiency, and flexibility. In fact, the five largest SaaS companies in the U.S. have a combined market…

Read more →

Angular v16, the latest major release of the Angular framework, introduces a number of exciting new features and improvements. These features are designed to make Angular development more efficient, scalable, and secure. Rethinking Reactivity One of the most significant changes…

Read more →

Kubernetes (also called K8s) remains the most in-demand container for developers. Originally developed by engineers at Google, K8s has achieved global fame as the go-to solution for hosting across on-premise, public, private, or hybrid clouds. Insights from Statista show the…

Read more →