Tag: DZone Security Zone

SmartStoreNET is the leading open-source e-commerce platform for .NET, which makes it suitable for companies running Windows Server. Next to the operation of an online business, it offers advanced features, such as CRM tools, a blog, and a forum. As…

Read more →

Azure Data Box is a product offered by Microsoft Azure that helps organizations transfer large amounts of data securely and efficiently to and from Azure. It is similar to AWS Snowball Edge or/ Google Transfer Appliance. The purpose of the Azure…

Read more →

A popular and practical use case for web3 is generating tickets to live events. Blockchains such as Ethereum can guarantee the ownership, originator, and authenticity of a digital item, effectively solving the problem of counterfeit tickets. While major players such…

Read more →

As more applications are deployed in Kubernetes clusters, ensuring that traffic flows securely and efficiently between them becomes increasingly important. Kubernetes Network Policies are a powerful tool for controlling traffic flow at the IP address or port level, but implementing…

Read more →

Security was mostly perimeter-based while building monolithic applications. It means securing the network perimeter and access control using firewalls. With the advent of microservices architecture, static and network-based perimeters are no longer effective. Nowadays, applications are deployed and managed by…

Read more →

Jenkins is a popular open-source automation server that is widely used for building, testing, and deploying software. It allows developers to automate many aspects of their software development process, including continuous integration and continuous deployment. As with any continuous integration…

Read more →

Data encryption is one of the most prevalent digital safety measures since it safeguards information and reduces the impact of cyber threats. Modern organizations incorporate encryption in various daily activities, such as communication and payments. That said, it is essential…

Read more →

If you’re a developer working on a web3 app, you know that onboarding mainstream users into web3 is difficult. Even with the promise of truly owning your data, making near-free worldwide payments, and using a censorship-free system, the current process…

Read more →

Cloud Implementation has become a key component of modern IT systems, enabling organizations to scale their operations and reduce costs. However, managing cloud infrastructure seamlessly and driving a cloud deployment securely is not easy. It requires a deep understanding of…

Read more →

As developers, we are always on the lookout for tools and technologies that can improve our products and services. In this article, we will discuss the key differences between Tornado and FastAPI, two popular web frameworks for Python. Additionally, we…

Read more →

DevSecOps, in layman’s language, is a combined form of software development, security, and software operations. According to Gartner’s research, “It is estimated that at least 95% of cloud security failures through 2022 will be the fault of the enterprise”. Therefore,…

Read more →

As an experienced full-stack developer with 30 years of experience, I’ve witnessed a lot of changes in tech, from the advent of the internet to the excitement of Java to the rise of cloud computing.  Recently, I decided to embark…

Read more →

The most popular container orchestration software alternatives available today are OpenShift and Kubernetes.  In this article, we are going to be comparing OpenShift and Kubernetes, and let me tell you, the comparison is far from fair. Indeed, comparing OpenShift and Kubernetes…

Read more →

Data fabric architecture is a modern approach to data management that provides a unified, scalable, and agile framework for organizations to manage and leverage data across diverse environments. It is designed to address the challenges posed by the growing volume,…

Read more →

Web3, blockchain technology, and cryptocurrency are all fascinating topics. The technology, applications, ecosystem, and the impact on society are all moving at incredible speeds. In this article, we will talk about learning web3 development from the point of view of…

Read more →

Cybersecurity for embedded devices, such as the Internet of Things (IoT) and other connected devices, is becoming increasingly important as these devices become more ubiquitous in our daily lives. The risks of the rising tide of security threats are significant.…

Read more →

Application Programming Interfaces (APIs) are the backbone of modern software development and are now vital strategic assets for large enterprises. However, with increasing API proliferation and subsequent sprawl, APIs can also pose significant security risks for enterprises. Shadow or zombie…

Read more →

“Set it and forget it” is the approach that most network teams follow with their authoritative Domain Name System (DNS). If the system is working and end-users find network connections to revenue-generating applications, services, and content, then administrators will generally…

Read more →

Authentication is the process of identifying a user and verifying that they have access to a system or server. It is a security measure that protects the system from unauthorized access and guarantees that only valid users are using the…

Read more →

Health Insurance Portability and Accountability Act (HIPAA) regulations must be followed by any software used in the healthcare industry that manages electronic patient health information (ePHI). Federal law outlines requirements to guarantee that private patient health information is not disclosed…

Read more →

Secrets leakage is a growing problem affecting companies of all sizes, including GitHub. They recently made an announcement on their blog regarding an SSH private key exposure: [Last week, GitHub] discovered that GitHub.com’s RSA SSH private key was briefly exposed…

Read more →

There are many new L2s emerging in the web3 ecosystem with the goal of improving Ethereum’s scalability. These L2s use a variety of solutions to create layers on top of Ethereum that are faster, cheaper, and yet still benefit from…

Read more →

AWS Cloud Development Kit (AWS CDK) is a powerful tool that allows developers to define cloud infrastructure in code using familiar programming languages like TypeScript, Python, and Java. However, as with any infrastructure-as-code tool, it’s important to ensure that the…

Read more →

In recent times, cybersecurity has become an increasingly important issue. Last summer, a global study found that 82% of CIOs felt that their organizations were vulnerable to cyberattacks. This is because the number of cyber-attacks and identity thefts has increased worldwide.…

Read more →

In today’s business environment, company reorganizations are common. Reorganization can be difficult for managers, especially new ones, whether due to mergers and acquisitions, changes in business strategy, or economic factors. In today’s fast-paced business world, reorganizations are becoming more common…

Read more →

When you think of Baltimore, Maryland, you might immediately think of The Ravens, Edgar Allan Poe, or Old Bay Seasoning. Moving forward, I will always associate “BMore” (as the locals call it) with improved security across the public and private…

Read more →

If you’re developing applications for a business, then one of your most important tasks is collecting payment for goods or services. Sure, providing those goods or services is essential to keeping customers happy. But if you don’t collect payments, your…

Read more →

API governance refers to the set of policies, procedures, and practices that organizations adopt to ensure the effective management and control of their Application Programming Interfaces (APIs). A well-designed API governance framework helps organizations to establish guidelines and best practices…

Read more →

In the previous article, we discussed the emergence of Date Lakehouses as the next-generation data management solution designed to address the limitations of traditional data warehouses and Data Lakes. Data Lakehouses combines the strengths of both approaches, providing a unified…

Read more →

Containerization has resulted in many businesses and organizations developing and deploying applications differently. A recent report by Gartner indicated that by 2022, more than 75% of global organizations would be running containerized applications in production, up from less than 30%…

Read more →

We have previously written posts on how to manage uncodified legacy apps on different platforms like AWS. In this post, we’d like to look at the very popular Okta platform, which provides some of the largest companies in the world…

Read more →

FileNet is a document management system developed by IBM that allows organizations to manage and store their digital content. Document Security is an essential aspect of any document management system, including FileNet.  Important Considerations for FileNet Security 1. Authentication: FileNet provides…

Read more →

In today’s digital age, organizations rely on a variety of applications and systems to carry out their business operations. However, managing user identities and access across multiple systems can be a complex and time-consuming process. This is where identity federation…

Read more →

GoCD is a popular Java CI/CD solution with a large range of users, from NGOs to Fortune 500 companies, with billions of dollars in revenue. Naturally, this makes it a critical piece of infrastructure and an extremely attractive target for…

Read more →

Identity and Access Management (IAM) is one of the critical components of any commercial software. As the name suggests, IAM solutions cover the identity of the users, their roles, privileges, authentication, and authorization. Long story short, IAM is based on…

Read more →

When you first start developing on Ethereum, you quickly discover how critical it is to test your dapps — even more so than in traditional development. But almost as quickly as learning you need to test is learning that it’s…

Read more →

TestOps is an emerging approach to software testing that combines the principles of DevOps with testing practices. TestOps aims to improve the efficiency and effectiveness of testing by incorporating it earlier in the software development lifecycle and automating as much…

Read more →

As companies rely increasingly on multiple applications residing in different regions and networks, security has become a critical concern. The process of accessing these applications can be complex and challenging, particularly when they are running in different data centers and…

Read more →

Dependency Poker is an Agile game — similar to planning poker — that enables teams to identify and manage dependencies in the development process. It can be utilized in Backlog Refinement or SAFe’s PI Planning to enhance collaboration and reduce project risks.  The…

Read more →

In this article, I will discuss the process of zipping a file using Mule 4 with AES 2565 encryption. Here is the background in some cases after generating the output file in the Unix server.the file needs to move to…

Read more →

In the aftermath of the pandemic, there have been immense changes in the ways employees interact with IT tools and teams. Not coincidentally, there’s also been a rise in the use of low/no-code development tools. Given the prevalence of hybrid…

Read more →

Software has become an essential part of our daily lives, from the apps on our phones to the programs we use at work. However, software, like all things, has a lifecycle, and as it approaches its end-of-life (EOL).  Then it…

Read more →

In today’s data-driven world, businesses across industries are increasingly dependent on data warehouse and data lake solutions to store, process, and analyze their ever-growing volumes of data. These traditional approaches have played a crucial role in helping organizations unlock the…

Read more →

AI is the fastest-moving technology with a solution for every security concern for an enterprise. From building a privacy layer for data management systems to using natural language processing for detecting fraud in inbound messages such as emails, there’s an abundance…

Read more →

Data migration is the process of moving data from one location to another, which is an essential aspect of cloud migration. Data migration involves transferring data from on-premise storage to the cloud. With the rapid adoption of cloud computing, businesses…

Read more →

Day two of Dynatrace Perform began with a great discussion between Kelsey Hightower, Distinguished Developer Advocate at Google Cloud Platform and Andi Grabner, DevOps Evangelist at Dynatrace. The theme of their discussion was redefining the boundaries of people, processes and…

Read more →

As IoT becomes increasingly common in our lives in areas such as healthcare, smart homes, smart cities, and self-driving vehicles, the security of the devices becomes more important. Not only do we need to protect the data that all these…

Read more →

Consumer data theft and exploitation is a growing business with low barriers to entry and high payouts. This has led to a rise in attacks worldwide. In 2021, over 290 million people in the US alone were victims of data…

Read more →

Legacy applications refer to software created years or even decades ago using programming languages that are no longer in use. Refactoring is the process of updating or improving applications to make them more useful and efficient. This article will discuss…

Read more →

As companies increasingly embrace cloud-native applications, ensuring security has become an even greater priority. While the cloud provides many advantages, it also presents new security risks that demand a new approach to safeguarding traditional applications. A completely new security mindset…

Read more →

Shift-left testing is a software testing approach where testing is moved to an earlier phase in the development process, closer to the development phase. The goal of shift-left testing is to catch and fix defects as early as possible in the…

Read more →

It is believed that no other technology has had a greater impact on the world in the last ten years than AI. Artificial intelligence, which gives robots the ability to learn based solely on data, is being incorporated into almost…

Read more →

Web testing entails validating a website to ensure it works correctly and fulfills its purpose. The activities can include checking that all links on the website work and the website is compatible with different browsers, devices, and operating systems. Testing…

Read more →

OpenSSH is a free and open-source suite of secure networking utilities that has become a critical tool for system administrators and developers who need to securely manage and access remote systems over unsecured networks. In this article, we will take…

Read more →

As software applications grow more complex, the importance of testing increases. Testing helps ensure that software meets the required standards and functions as expected. However, testing can be a time-consuming and resource-intensive process, particularly when it comes to scaling efforts…

Read more →

Docker has revolutionized the way we build and deploy applications. It provides a platform-independent environment that allows developers to package their applications and dependencies into a single container. This container can then be easily deployed across different environments, making it…

Read more →

What Is SIEM? SIEM stands for Security Information and Event Management. It is a software solution that provides real-time analysis of security alerts generated by network hardware and applications. SIEM collects log data from multiple sources such as network devices,…

Read more →

Ethereum has experienced dazzling growth in recent years. According to YCharts, the programmable blockchain now has approximately 220 million unique addresses. Linked to the increase in users is an explosion in the number of dApps. Global companies and startups across…

Read more →

Lately, I’ve come across a lot of discussions and articles about Spring’s feature called Profiles that are promoting them as a way to separate environment-specific configurations, which I consider a bad practice. Common Examples The typical way profiles are presented…

Read more →

Security in one’s information system has always been among the most critical non-functional requirements. Transport Layer Security, aka TLS and formerly SSL, is among its many pillars. In this post, I’ll show how to configure TLS for the Apache APISIX…

Read more →

In this article, we’re going to discuss the CVE-2020-36620 vulnerability and see how a NuGet package for converting string to enum can make a C# application vulnerable to DoS attacks. Imagine a server application that interacts with a user. In…

Read more →

The Current State of AWS Log Management Security professionals have used log data to detect cyber threats for many years. It was in the late 1990s when organizations first started to use Syslog data to detect attacks by identifying and…

Read more →

The Java 9 release in 2017 saw the introduction of the Java Module System. This module system was developed directly for the Java language and is not to be confused with module systems such as IntelliJ Idea or Maven. The…

Read more →

Users expect to be able to use apps across devices and browsers. As a result, you must conduct thorough different API testing types to understand how well it works and whether it can perform its primary functions. Some testers need…

Read more →

Penetration testing, also known as pen testing, is the process of testing a computer system, network, or web application to find vulnerabilities and weaknesses that hackers can exploit. The goal of a penetration test is to identify and report vulnerabilities…

Read more →

While government agencies always put their best foot forward in offering seamless and secure customer services to their citizens, several employees, resources, and third-party contractors share a lot of sensitive information.  And here’s where the risk of data theft increases…

Read more →

Status pages are now an essential service offered by all Software-as-a-Service companies. To help their adoption, startups quickly conceived status pages as-a-service, and open-source self-hosted alternatives were made available. Cachet, also sometimes referred to as CachetHQ, is a broadly adopted…

Read more →

The benefits of adopting cloud-native practices have been talked about by industry professionals ad nauseam, with everyone extolling its ability to lower costs, easily scale, and fuel innovation like never before. Easier said than done. This article has been indexed…

Read more →

Setting up a VPN server to allow remote connections can be challenging if you set this up for the first time. In this post, I will guide you through the steps to set up your own VPN Server and connect…

Read more →

What Is OpenSSL Command? OpenSSL is an open-source-based implementation of the SSL protocol, with versions available for Windows, Linux, and Mac OS X. It is a highly versatile tool used to create CSRs (Certificate Signing Requests) and Private Keys as…

Read more →

In public key cryptography, the combination of private and public keys is considered the primary component. Both the keys come in pairs. So a public or private key will only function with the associated public or private key. It means…

Read more →

XDR is a security system that has been designed to collect, correlate and contextualize alerts from a range of different solutions across servers, applications, networks, endpoints, cloud workloads, and other areas. It incorporates SaaS-based, cloud-native technology. What Is XDR?  XDR…

Read more →

The world runs on data. Data scientists organize and make sense of a barrage of information, synthesizing and translating it so people can understand it. They drive the innovation and decision-making process for many organizations. But the quality of the…

Read more →

You work for any software deployment project, you deploy code in multiple environments and test it.  You test the site with HTTP, not HTTPS. Why? you need an SSL certificate for it. Getting a certificate for a lower environment could…

Read more →

For the first time since 2019, the “world’s largest developer and engineering expo” was back in person, this time in Oakland in February: DeveloperWeek 2023! Approximately 2000 attendees, speakers, and exhibitors got together face to face to meet and talk…

Read more →

In a recent project, I worked with a client who was managing over 100 accounts and recently adopted AWS Control Tower. Despite this, I noticed that the management of CIDR ranges was still a manual process and all IP ranges…

Read more →

Workstations, laptops, and smartphones are no longer the only web-enabled electronic devices in workplaces. The rise of wearables and the Internet of Things has added more gadgets that connect to the internet at home. This has created more conveniences but…

Read more →

Cybersecurity experts are always learning the latest methods criminals are using to break into networks and steal data — but sometimes the criminals don’t need nefarious solutions. Especially not when people take an average of 277 days to recognize a…

Read more →

Developers and DevOps teams have embraced the use of containers for application development and deployment. They offer a lightweight and scalable solution to package software applications. The popularity of containerization is due to its apparent benefits, but it has also…

Read more →

The advancement in disruptive technologies has given rise to a plethora of opportunities for miscreants to fuel cyber sabotage and data integrity risk. The proliferation of cloud-based technologies has accelerated the process of data exchange and sharing—data is more easily…

Read more →

Imagine burglars have stolen the keys to your home, which they then use to get inside and take whatever they want without being detected. A privileged account access breach is a bit like this. Cybercriminals can gain access to a…

Read more →

What Does ERR_SSL_PROTOCOL_ERROR Mean? ERR_SSL_PROTOCOL_ERROR is an error message that Chrome shows when a website has a problem with the SSL/TLS certificate. SSL/TLS is the protocol that encrypts data between your browser and the web server, and it’s essential for…

Read more →

As a software developer with over a decade of experience, I’ve witnessed firsthand the evolution of software development practices. One such practice that has gained significant traction in recent years is DevSecOps. In my opinion, DevSecOps is a necessary evolution…

Read more →

In this article, we will discuss authentication and authorization using the JWT token and different cryptographic algorithms and techniques. So, we will be looking at the following things one by one: Introduction of JWT Token Why JWT Token? Structure of…

Read more →

The Southwest Airlines fiasco from December 2022 and the FAA Notam database fiasco from January 2023 had one thing in common: their respective root causes were mired in technical debt. At its most basic, technical debt represents some kind of…

Read more →

The blockchain space has gained considerable momentum over the past few years. Cryptocurrency remains this technology’s most widely recognized use case, but new applications and benefits emerge as it grows. For example, supply chain optimization is one less glamorous but…

Read more →

In the world of computing, security plays a crucial role in safeguarding resources. Over the past decade, various security models have been created to ensure the confidentiality, integrity, and availability of information. They present methods that organizations can adopt to…

Read more →

Application modernization has become a hot topic in recent years as organizations strive to improve their systems and stay ahead of the competition. From improved user experience to reduced costs and increased efficiency, there are many reasons companies consider modernizing…

Read more →

Quick Introduction to the Software Supply Chain Recently, “software supply chain attack” has been breaking all the news headlines. One infamous example is the SolarWinds attack or the 2020 United States federal government data breach. In fact, according to a…

Read more →

The RSA algorithm is a commonly used method for secure data transmission in the field of cryptography. It is a type of public-key encryption, which means that it uses two different keys for the encryption and decryption process: a public…

Read more →

Lots of companies are eager to provide their identity provider: Twitter, Facebook, Google, etc. For smaller businesses, not having to manage identities is a benefit. However, we want to avoid being locked into one provider. In this post, I want…

Read more →

Whether you’re at a startup, enterprise, or something in between, authorization and access control are likely major pain points for your team. This week on Dev Interrupted, we talk to Omri Gazitt, co-founder and CEO of Aserto. Omri joins us…

Read more →

AWS multi-account strategy is a powerful method of managing multiple AWS accounts within an organization. It is designed to help organizations scale and manage their cloud infrastructure more effectively while maintaining security and compliance. In this article, we will explore…

Read more →

Learning Adaptability A few weeks ago, my laptop crashed during a meeting. It was painful as I was about to start on an exciting new feature that my Product Owner (PO) had just proposed. I immediately rushed to the IT…

Read more →

In this article, we are going to discuss dependency injection and its usage and benefits. We will also discuss different ways to implement dependency injection. Prerequisites Basic understanding of the C# programming language. Understanding of Object-Oriented programming. Basic understanding of…

Read more →

One of the biggest concerns when using Kubernetes is whether we are complying with the security posture and taking into account all possible threats. For this reason, OWASP has created the OWASP Kubernetes Top 10, which helps identify the most…

Read more →

An API (Application Programming Interface) acts as an intermediary between two distinct software applications, enabling seamless communication and data exchange. By providing a standardized interface, APIs offer developers the ability to access specific functionalities or data from another software application…

Read more →

Organizations worldwide store 60% of their data in the cloud. The popularity of cloud computing will be undisputed in 2023 and is predicted to grow in future years. The main benefits of using cloud storage and computing services to run…

Read more →

What Is Product Security? Product Security is a process within the Cybersecurity function which aims to deliver a secure product, which includes the organization’s Web applications, Web services, Mobile applications, or any hardware manufactured. This focuses on considering security at…

Read more →

If you have ever encountered the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error, you may have been puzzled by what it means and how to fix it. In this post, we will explain what causes this error and provide some tips on how to resolve…

Read more →