Tag: DZone Security Zone

Introduction Note: You can download the source from GitHub. I’ve been working on multi-tenant applications in the .NET ecosystem for quite a while, and one of the toughest challenges I consistently run into is secure tenant isolation — especially when…

Read more →

I think we need to be realistic when we talk about AI’s role in software development. It’s not “hit a button and generate code.” For me, it’s best positioned to maximize efficiency. It’s not just a tool for getting rid…

Read more →

In a closely connected world, the Internet of Things (IoT) is already a familiar brand for people. However, the use of such many devices is likely to increase the risk of attack. This is why good patch management is so important.…

Read more →

Multidomain integration is becoming a cornerstone of modern software development, bridging technologies like blockchain, biotech, and consumer applications. These cross-domain projects are no longer optional — they are the future of innovation. However, combining such diverse systems presents unique challenges. …

Read more →

One of the biggest problems in digital product development today is the failure to collaborate with InfoSec or DevSecOps teams. Unfortunately, threats are ubiquitous and increasingly sophisticated. But did you know that there is a way to reduce the time…

Read more →

Secure file transfer (SFT) has become one of the most crucial technologies in the modern Information technology (IT) landscape for ensuring data security and confidentiality. SFT is a hot topic in today’s world, especially when decisions are being made based…

Read more →

It is exciting how different disciplines can be merged to make the processes more efficient. In 2009, DevOps was coined to address the friction between the Development and Operations teams. As a result, the industry moved towards clubbing both teams…

Read more →

Speed matters in cybersecurity. Responding to a potential threat in seconds rather than minutes can be the difference between a thwarted attack and a realized one. The problem is that human analysts — however capable they may be — often…

Read more →

API development should be about solving business problems, not repeating the same tedious tasks over and over again. Yet, for many developers, API creation is still bogged down by inefficiencies — from writing boilerplate code to manually managing integrations, security,…

Read more →

Security is a critical concern in mobile app development, especially with the rise of data breaches and cyber threats. Docker, a platform for developing, shipping, and running applications in containers, offers several advantages that can enhance the security of mobile…

Read more →

kOps is a widely used tool for deploying and managing Kubernetes clusters in multi-cloud or hybrid cloud environments. It provides a unified configuration system (YAML or JSON), which lets you easily set up clusters across AWS, GCP, Azure, and on-premises…

Read more →

Supply chains are the backbone of global commerce, but they’re increasingly complex and vulnerable to disruptions. From pandemic-related shortages to geopolitical conflicts, recent events have exposed fundamental weaknesses in traditional supply chain management approaches.  As organizations seek more resilient and…

Read more →

Problem Statement With the rapid increase of online applications in industries such as finance, e-commerce, and social media, the frequency and sophistication of fraud attempts have surged. E-commerce apps face challenges like unauthorized transactions, fake bank account creation, and bot-driven…

Read more →

Modern organizations that work in data-centric settings must place a premium on compliance and data security. Rules and regulations such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) clearly specify practices that ought to…

Read more →

Software development is on the cusp of major transformations, driven by new technologies and an ever-growing demand for faster, more efficient, and scalable systems. For developers and leaders in software engineering, staying ahead of these trends will be essential to…

Read more →

AI is the potential ally of the common people because it becomes an integral part of our daily lives. From personalized shopping suggestions to curated music playlists, along with other AI systems, they continuously accentuate our adventures.  Nevertheless, as these…

Read more →

As Kubernetes adoption grows in cloud-native environments, securely managing AWS IAM roles within Kubernetes clusters has become a critical aspect of infrastructure management. KIAM and AWS IAM Roles for Service Accounts (IRSA) are two popular approaches to handling this requirement. …

Read more →

Who Should Own IAM in the Enterprise? Identity and access management (IAM) started as an IT function, with the entire focus on giving human users the right access to the right systems. But today, identity has become the primary attack…

Read more →

Escalating data breach risks and intensifying regulatory guidelines have put organizations’ readiness for privacy protection into the spotlight. Until now, obscuring data sets via different methods of masking has been the anchor, but rising uncertainty around the nature of attacks…

Read more →

Psychological safety isn’t about fluffy “niceness” — it is the foundation of agile teams that innovate, adapt, and deliver. When teams fearlessly debate ideas, admit mistakes, challenge norms, and find ways to make progress, they can outperform most competitors. Yet,…

Read more →

Threat modeling is often perceived as an intimidating exercise reserved for security experts. However, this perception is misleading. Threat modeling is designed to help envision a system or application from an attacker’s perspective. Developers can also adopt this approach to…

Read more →

Hey there! I’m Rocky, the face behind CodeLivly, where I share all things tech, code, and innovation. Today, I want to talk about something super important for anyone diving into the world of DevOps: networking. Networking might sound a bit…

Read more →

In the era of artificial intelligence, the use of large language models (LLMs) is increasing rapidly. These models offer amazing opportunities but also introduce new privacy and security challenges. One of the essential security measures to address these challenges involves…

Read more →

Companies are now turning to data as one of the most important assets in their businesses, and data engineers are in the midst of managing and improving this asset and its effectiveness. In addition, the integration of data engineering with…

Read more →

Amazon Aurora PostgreSQL-compatible edition major version 12.x and Amazon RDS for PostgreSQL 12 reach the end of standard support on February 28, 2025. Higher database versions introduce new features, enhancing operational efficiency and cost-effectiveness.  Identifying qualified databases and upgrading them…

Read more →

The improvement of artificial brainpower (artificial intelligence) has improved many fields, including digital protection. Notwithstanding, this mechanical improvement is a two-sided deal. While computerized reasoning brings many advantages, it also empowers cybercriminals to send off progressively complex and disastrous assaults. …

Read more →

It is not a coincidence that non-human identities (NHIs) have come into focus recently while AI-powered tools and autonomous agents are rapidly being adopted. In fact, this is partially what is driving the explosion of NHIs in the enterprise. This…

Read more →

Safeguarding critical infrastructure from ransomware has become a critical issue in today’s interconnected world. Regions, for instance, power clinical benefits and government face extending perils that could disturb supplies, impact fragile data, and cause essential financial and reputational hurt.  Ransomware…

Read more →

Artificial intelligence operates as a transformative force that transforms various industries, including healthcare, together with finance and all other sectors. AI systems achieve their highest performance through data that has been properly prepared for training purposes. AI success depends on…

Read more →

Defending against zero- to low-cost attacks generated by threat actors (TA) is becoming increasingly complex as they leverage sophisticated generative AI-enabled infrastructure. TAs try to use AI tools in their attack planning to make social engineering schemes, convincing phishing emails,…

Read more →

Google BigQuery, Google Cloud’s data warehouse, provides a comprehensive suite of tools to help you control who can access your valuable data and what they can do with it. This blog post dives into the essential principles and practical techniques…

Read more →

Introduction to Kata Containers Kata Containers is an open-source project designed to deliver a secure container runtime environment by utilizing the virtualization layer provided by the server instance. Unlike traditional containers, Kata containers run within lightweight virtual machines (VMs) created…

Read more →

Real-time data streaming is changing the way organizations handle information. Whether it’s IoT devices sending sensor updates, retail platforms tracking customer activity, or financial institutions monitoring transactions for fraud, processing data “as it happens” gives you a major edge. When…

Read more →

Every programming language comes with its own set of security vulnerabilities, and JavaScript is no exception. Exploiting JavaScript vulnerabilities can lead to data manipulation, session hijacking, unauthorized data access, and more. Although commonly associated with client-side functionality, JavaScript security risks…

Read more →

More businesses than ever rely on cloud computing technologies to deliver reliable services at scale. With this shift to cloud-native technologies, microservices, and abstraction, the battle for security has shifted with it. Cloud security is no longer about traditional firewall…

Read more →

On one side, U.S. laws expand data access in the name of national security. On the other hand, French SecNumCloud ensures digital independence for European businesses. Let’s break down the implications of these two models on cybersecurity, compliance, and the…

Read more →

Governance, Risk, and Compliance (GRC) certifications have become crucial for professionals keen on securing cybersecurity and risk management roles. These certifications validate one’s skills and expertise, opening the door to new career opportunities in a dynamically changing environment.  With the…

Read more →

Recently, the Open Worldwide Application Security Project (OWASP) updated its Top 10 Risks for Mobile Applications for the first time since 2016. The security risk at the top this time? “Improper credential usage.” This is a wake-up call to mobile…

Read more →

Today’s cloud environments use Kubernetes to orchestrate their containers. The Kubernetes system minimizes operational burdens associated with provisioning and scaling, yet it brings forth advanced security difficulties because of its complex nature. The adoption of Kubernetes by businesses leads organizations…

Read more →

As part of the Android Application Security series, we are going to understand the security controls provided by Android OS (operating system) to protect the applications that are running on the device. Without these security controls in place, the data…

Read more →

Can an identity exist without being referenced by another identity? How would we know? That might seem a bit philosophical for a security tech article, but it is an important point to keep in mind when tackling the subject of…

Read more →

At the ASF’s flagship Community Over Code North America conference in October 2024, keynote speakers underscored the vital role of open-source communities in driving innovation, enhancing security, and adapting to new challenges.  By highlighting the Cybersecurity and Infrastructure Security Agency’s…

Read more →

As the Trump administration revokes Executive Order 14110, the U.S. shifts toward a market-driven AI strategy, departing from the Biden administration’s regulatory framework. While proponents see this as a catalyst for innovation and economic growth, critics warn of increased risks,…

Read more →

Keycloak is a powerful authentication and authorization solution that provides plenty of useful features, such as roles and subgroups, an advanced password policy, and single sign-on. It’s also very easy to integrate with other solutions.  We’ve already shown you how…

Read more →

What Is Data Governance, and How Do Data Quality, Policies, and Procedures Strengthen It? Data governance refers to the overall management of data availability, usability, integrity, and security in an organization. It encompasses people, processes, policies, standards, and roles that ensure…

Read more →

DuckDb is a powerful in-memory database that has a parallel processing feature, which makes it a good choice to read/transform cloud storage data, in this case, AWS S3. I’ve had a lot of success using it and I will walk…

Read more →

No matter where your company is located and in which field it operates, one thing is always true: today, SOC 2 is one of the standards tech companies should meet to be recognized for their security practices. If you’re tackling…

Read more →

OAuth 2.0 is a widely used authorization framework that allows third-party applications to access user resources on a resource server without sharing the user’s credentials.  The Password Grant type, also known as Resource Owner Password Credentials Grant, is a specific…

Read more →

Unit testing is an essential part of software development. Unit tests help to check the correctness of newly written logic as well as prevent a system from regression by testing old logic every time (preferably with every build). However, there…

Read more →

Datadog has 600+ out-of-the-box integrations that cover a variety of technologies, from web servers to databases to 3rd party SaaS services. For many of these integrations, there are agent configuration files that require storing credentials for the technology. The larger…

Read more →

Libraries can rise to stardom in months, only to crash and fade into obscurity within months. We’ve all seen this happen in the software development world, and my own journey has been filled with “must-have” JavaScript libraries, each claiming to…

Read more →

Implementing cryptographic primitives securely is crucial for maintaining the integrity, confidentiality, and authenticity of data in Go applications. This guide will walk you through the process of implementing and testing various cryptographic primitives using Go’s standard library and best practices.…

Read more →

I’m originally a .NET developer, and the breadth and depth of this framework are impressive. You probably know the phrase, “When all you have is a hammer, everything looks like a nail.” Nevertheless, although I wrote a few articles about…

Read more →

Remember when you had to squint at wonky text or click on traffic lights to prove you’re human? Those classic CAPTCHAs are being rendered obsolete by the day. As artificial intelligence improves, these once-reliable gatekeepers let automated systems through. That…

Read more →

As transitioning to the digital world is the norm today, businesses face the challenge of constantly maximizing performance while keeping a lookout for potential threats. However, whether it’s spotting fraud in banking and eCommerce, moderating content on social media and…

Read more →

Let’s face it: frontend security often gets overlooked. With so much focus on UI/UX and performance, it’s easy to assume that back-end APIs and firewalls are taking care of all the heavy lifting. But the reality is that your beautiful…

Read more →

Over the past one and a half years, I was involved in designing and developing a multi-tenant treasury management system. In this article, I will share our approaches to the data isolation aspect of our multi-tenant solution and the learnings…

Read more →

Sluggish build times and bloated node_modules folders are issues that many developers encounter but often overlook. Why does this happen? The answer lies in the intricate web of npm dependencies. With every npm install, your project inherits not only the…

Read more →

Kubernetes has grown to become the go-to platform for container orchestration. While the flexibility and scalability that make Kubernetes interesting also present substantial security challenges, perimeter-based security has become outdated in these organizations, and thus, they are willing to switch…

Read more →

When organizations handle sensitive information, ensuring its security and maintaining compliance are paramount. Two key frameworks in this domain are ISO 27001 and SOC 2. While they share common goals, they differ significantly in their approach, scope, and purpose. Here’s…

Read more →

Do we really need to break text into tokens, or could we work directly with raw bytes? First, let’s think about how do LLMs currently handle text. They first chop it up into chunks called tokens using rules about common…

Read more →

Today, automated bot traffic creates a very costly and complex challenge for organizations in the modern digital environment. The traditional defenses present the platform operators with a paradox: the very methods effective in keeping the bots away frustrate legitimate users,…

Read more →

Traditional internal developer platforms (IDPs) have transformed how organizations manage code and infrastructure. By standardizing workflows through tools like CI/CD pipelines and Infrastructure as Code (IaC), these platforms have enabled rapid deployments, reduced manual errors, and improved developer experience. However,…

Read more →

Data breaches cost organizations an average of $4.45 million in 2023. This shows how secure data processing is becoming more crucial by the day, and the challenge grows more complex with sensitive information in cloud environments. AWS enclave technology solves…

Read more →

Artificial intelligence (AI) has transformed industries by driving innovation and efficiency across sectors. However, its rapid adoption has also exposed vulnerabilities that bad actors can exploit, making security a paramount concern. This article talks about the challenges and strategies to…

Read more →

The industry’s increasing focus on secure container images is undeniable. Companies like Chainguard — specializing in delivering container images free of CVEs — have demonstrated the demand by recently raising an impressive $140 million at a $1.1 billion valuation. In…

Read more →

In today’s digital era, cybersecurity is a cornerstone of maintaining trust and reliability in cloud operations. A managed threat detection service by AWS, like Amazon GuardDuty, can help secure your environment by analyzing activity and identifying potential risks. This hands-on…

Read more →

What Is AI Data Governance? Artificial Intelligence (AI) governance refers to the frameworks, policies, and ethical standards that guide AI technologies’ development, deployment, and management. It encompasses a range of considerations, such as data privacy, algorithmic transparency, accountability, and fairness…

Read more →

Security comes down to trust. In DevOps and our applications, it really is a question of “should this entity be allowed to do that action?” In an earlier time in IT, we could assume that if something was inside a…

Read more →

The primary inspiration for this article was my feeling that unfortunately, IT and Cyber too often work in silos — with security constraints often poorly addressed or insufficiently shared. It was also inspired by meetings with people working in Cyber,…

Read more →

With organizations shifting at a rapid pace to the cloud, securing the infrastructure is of paramount importance in their list of priorities. Even though AWS provides a varied set of tools and services related to security and compliance. There are…

Read more →

In the IoT world, security is one of the biggest challenges. When you’re connecting multiple devices together over a network, various doors are left ajar to security threats, along with an increase in the number of doors themselves that open…

Read more →

This article was written using Ballerina Swan Lake Update 10.0 (2201.10.0) but is expected to remain compatible with newer versions. DocuSign is a leading digital transaction management platform that allows users to sign, send, and manage documents securely and efficiently.…

Read more →

Cloud computing has become one of the core building blocks for modern software development. It underpins scalable web applications and forms a foundation for national infrastructure. In turn, as more enterprises and organizations adopt the cloud, the increased efficiency and…

Read more →

The museum of old and new architectures I am involved with forced me to look into safeguarding them. For instance, an old dependency can turn CVE or a solid open-source project can go commercial. This is where the concept of…

Read more →

Data governance refers to the policies and processes that ensure the management, integrity, and security of organizational data. Traditional frameworks like DAMA-DMBOK and COBIT focus on structured data management and standardizing processes (Otto, 2011). These frameworks are foundational in managing…

Read more →

Organizations face the growing challenge of managing, protecting, and governing data across diverse environments. As data flows through hybrid cloud systems, multi-cloud environments, and on-premises infrastructures, maintaining a cohesive, secure data ecosystem has become a complicated and daunting affair.  A…

Read more →

Mobile applications have become indispensable across industries, from banking to healthcare. However, their rapid growth has led to an equally fast increase in security threats. The problem lies in the increasing sophistication of attacks on mobile platforms, the rising volume…

Read more →

As enterprises expand their software development practices and scale their DevOps pipelines, effective management of continuous integration (CI) and continuous deployment (CD) processes becomes increasingly important. GitHub, as one of the most widely used source control platforms, plays a central…

Read more →

2025 is knocking on the door, and software development is changing at a rapid pace due to advanced technologies. Tech advancements like AI have transformed how developers create, deploy, and scale software. To stay ahead of the curve, developers need…

Read more →

Classic Case 1 Many software professionals lack in-depth knowledge of TCP/IP logic reasoning, which often leads to misidentifying problems as mysterious problems. Some are discouraged by the complexity of TCP/IP networking literature, while others are misled by confusing details in…

Read more →

Ephemeral containers in Kubernetes are a powerful feature that allows operators to debug and troubleshoot running Pods by creating short-lived containers within the same Pod. This is particularly helpful for issues that cannot be replicated in a separate environment. By…

Read more →

Creating a video-sharing application like YouTube is not just about front-end design and data storage; you need to have secure dynamic control over what users can see and do. With Svelte.js handling the interface and Firebase supporting backend functionalities, integrating…

Read more →

As cloud adoption continues to accelerate, securing sensitive data while complying with regulations like GDPR (General Data Protection Regulation), CCPA (California Consumer Privacy Act), and HIPAA (Health Insurance Portability and Accountability Act) is paramount. The flexibility and scalability that cloud environments offer also…

Read more →

As we move away from using Postman, many of us are transitioning to Insomnia for API testing. In this article, I will share how I’ve set up Insomnia to streamline my own workflow. While Insomnia offers a wide range of…

Read more →

Understanding DuckDB for Data Privacy and Security Data privacy and security have become critical for all organizations across the globe. Organizations often need to identify, mask, or remove sensitive information from their datasets while maintaining data utility. This article explores…

Read more →

In the rapidly evolving field of Incident Response (IR), prompt engineering has become an essential skill that leverages AI to streamline processes, enhance response times, and provide deeper insights into threats. By creating precise and targeted prompts, IR teams can…

Read more →

Automated API testing offers multiple benefits, including speeding up the testing lifecycle and providing faster feedback. It helps in enhancing the efficiency of the APIs and allows teams to deliver the new features speedily to the market. There are multiple…

Read more →

In today’s enterprise landscape, containerization has become almost synonymous with modern application deployment. However, with containers handling sensitive data and critical business operations, security should be carefully considered and implemented. I’ve spent years securing containerized applications in the financial sector,…

Read more →

As artificial intelligence (AI) continues to revolutionize industries, its role in critical applications continues to grow exponentially. With all this innovation comes a growing concern — how do we keep AI systems secure? Unlike traditional applications, AI deals with highly…

Read more →

In the hustle to deliver value, development teams can unknowingly create software architectures that hinder their long-term progress. Initially, everything seems fine — features are shipping, continuous integration (CI) jobs are passing, and the product actually works. Yet, beneath the…

Read more →

Generative Artificial Intelligence (GenAI) adoption is picking up pace. According to McKinsey, the rate of implementation has doubled compared to just ten months prior, with 65 percent of respondents saying their companies regularly use GenAI. The promise of disruptive impact…

Read more →

OneLake in Microsoft Fabric aims to provide an enterprise with a consolidated analytical approach by developing its data and tools into one logical base. OneLake, which is automatically available across all Microsoft Fabric tenants, enables users to manage large volumes…

Read more →

Cloud IaaS providers like AWS, Azure, OCI, and GCP operate on a shared responsibility model. While they secure the underlying infrastructure, You, as a customer, are responsible for protecting data, applications, and access management. The rapid adoption of cloud services…

Read more →

As Kubernetes continues to gain traction in the realm of container orchestration, ensuring the security of container images has become paramount. Two prominent tools that focus on securing the software supply chain in Kubernetes environments are Cosign and Connaisseur. While…

Read more →

Microservices architecture has reshaped the way we design and build software, emphasizing scalability, maintainability, and agility. Two frameworks, Dropwizard and Micronaut, have gained prominence in the microservices ecosystem, each offering unique features to simplify and optimize development. In this article,…

Read more →

APIs play a critical role in web applications in the modern digital world. They are the means by which diverse components of the software talk to each other and effectively communicate. Thus, with the growing use of APIs, new kinds…

Read more →

Being a backend developer and having worked for years in the jungle of authentication and identity management, I can attest to the fact that implementing seamless SSO is often way more complex than it seems. I have witnessed how organizations…

Read more →

NodeJS is a very popular platform for building backend services and creating API endpoints. Several large companies use NodeJS in their microservices tech stack, which makes it a very useful platform to learn and know, similar to other popular languages…

Read more →

Kubernetes is not new and has been a de-facto standard of deployments and CI/CD at most companies for a while. The goal of this article is to make you familiar with all the terms and jargon that Kubernetes experts use,…

Read more →