Tag: DZone Security Zone

In any organization, it is a best security practice to have an SSL certificate installed on servers, applications, and databases. To get an SSL certificate, the first step is to have or build a Certificate Authority (CA). SSL Certificates and…

Read more →

As the use of artificial intelligence (AI) grows more widespread, it is finding its way into cybersecurity. According to research from Markets and Markets, global organizations are projected to spend $22.4 billion on AI solutions for cybersecurity this year. Usama…

Read more →

There is a common problem most backend developers face at least once in their careers: where should we store our secrets? It appears to be simple enough, we have a lot of services focusing on this very issue, we just…

Read more →

Last week, I wrote about putting the right feature at the right place. I used rate limiting as an example, moving it from a library inside the application to the API Gateway. Today, I’ll use another example: authentication and authorization.…

Read more →

Since the first introduction of the term DevOps, it seems that new ‘Ops” related terms pop up as quickly as technology trends. For example: AIOPs: Enhance and automate various IT processes with AI. MLOps: Develop, deploy, and manage machine learning.…

Read more →

On Randomness in Data Picking a random number might seem to be a no-brainer for us humans. We just close our eyes and say the first number that comes to our minds. But is this really the case for computers?…

Read more →

Making the test readable and maintainable is a challenge for any software engineer. Sometimes, a test scope becomes even more significant when we need to create a complex object or receive information from other points, such as a database, web…

Read more →

IAM stands for “Identity and Access Management.” IAM provides answers to the fundamental question in DevOps: “Who can access what?” The roots of IAM go back to the early days of computing, where users of UNIX systems needed a username…

Read more →

We live in a world where applications are used to do everything, be it stock trading or booking a salon, but behind the scenes, the connectivity is done using secrets. Secrets, such as database passwords, API keys, tokens, etc., must…

Read more →

Testing is a best-case scenario to validate the system’s correctness. But, it doesn’t predict the failure cases that may occur in production. Experienced engineering teams would tell you that production environments are not uniform and full of exciting deviations. The…

Read more →

The 2023 conference season officially kicked off on February 1st in Seattle. Over 1000 attendees, speakers, and security tool vendors gathered in Seattle for CloudNativeSecurityCon, the first stand-alone, in-person event of its kind. Over the course of 2 days and over…

Read more →

APIs (Application Programming Interfaces) are used to connect software applications, allowing them to share data and functionality. APIs are an essential part of modern software development, enabling developers to create more powerful and complex applications. However, APIs can also pose…

Read more →

A few days ago, I read an article by the author of Core-js. To be honest, it was my first time hearing about Core-js. As someone who has written some front-end code and has been keeping up with open source…

Read more →

Telecoms fraud is a prevalent and ever-evolving issue that affects both business and individual customers in the telecommunications industry. It encompasses a range of fraudulent and abusive activities that can cause significant financial damage to companies and individuals alike. Ranging…

Read more →

I recently gave a talk at CNCF Security Conference North America on the subject of zero-trust computing. In this post, I’ll provide an overview of the material from that talk, discussing how zero-trust computing is supported at the module, runtime,…

Read more →

Most apps have some sort of authentication. For this post, we will see how this flow works using Google’s One Tap sign-in, Firebase, and Amity. The tech stack we will be using is: This article has been indexed from DZone…

Read more →

Where It Started: History of Angular and React Angular  AngularJS was developed by Google (by Igor Minar, a former Google employee) as an open-source framework for developing Single Page Applications (SPA).  Other companies such as Netflix, Microsoft, PayPal, and more…

Read more →

Artificial intelligence (AI) is transforming the way we live and work in many ways, and cybersecurity is no exception. As AI becomes more and more advanced and accessible, it is changing the way we protect our systems and data against Cyber…

Read more →

Data masking, as we know, obscures sensitive information by replacing it with realistic but fake values, making it suitable for use in testing, demonstrations, or analytics.  It preserves the structure of the original data while altering its values through sophisticated…

Read more →

There is a common problem most backend developers face at least once in their careers: where should we store our secrets? It appears to be simple enough, we have a lot of services focusing on this very issue, we just…

Read more →

What Is Distributed Tracing? The rise of microservices has enabled users to create distributed applications that consist of modular services rather than a single functional unit. This modularity makes testing and deployment easier while preventing a single point of failure…

Read more →

Vendor security assessments can be very complex, especially when it comes to analyzing modern solutions. Obsolete threat modeling principles and frameworks become extremely unreliable and tricky as complexity increases. Security analysis also becomes further intricate as it is not limited…

Read more →

Transitioning to a managerial role could be hard. One day, you are developing and reviewing code. The next day, you are handling not just individuals but a multitude of teams, evolving into a people person and leading your squad toward…

Read more →

Security in software development is a critical issue that is often addressed late in the software development process (SDLC). However, with the increasing demand for secure applications and systems, integrating security into all stages of the SDLC has become essential.…

Read more →

API-First is an approach to software development that emphasizes designing and developing the API as the primary focus of development. This approach offers many benefits, including increased flexibility, reduced development time, increased reliability, and easier testing. By developing the API…

Read more →

Microsoft offers an Azure Key Vault, which is responsible for storing and managing secrets, keys, and certificates. All of them are present in a Hardware Security Module (HSM) that adheres to the standards of the industry. This suggests that “EV Code…

Read more →

Kubernetes is an open-source container orchestration platform that helps manage and deploy applications in a cloud environment. It is used to automate the deployment, scaling, and management of containerized applications. It is an efficient way to manage application health with…

Read more →

With the modern patterns and practices of DevOps and DevSecOps, it’s not clear who the front-line owners are anymore. Today, most organizations’ internal audit processes have lots of toils and low efficacy. This is something John Willis, in his new…

Read more →

This article will describe how to set up an SSL in a Spring Boot application. Almost all articles recommend you create a Keystore file using the Java key tool, and it still could make sense, but something new came up.  This…

Read more →

In a microservices architecture, it’s common to have multiple services that need access to sensitive information, such as API keys, passwords, or certificates. Storing this sensitive information in code or configuration files is not secure because it’s easy for attackers…

Read more →

Static code analysis is a method of debugging that involves reviewing source code prior to running a program. It is accomplished by comparing a set of code against one set or several sets of coding rules. Static code analysis is…

Read more →

I attended Dynatrace Perform 2023. This was my sixth “Perform User Conference,” but the first over the last three years. Rick McConnell, CEO of Dynatrace, kicked off the event by sharing his thoughts on the company’s momentum and vision. The…

Read more →

HTTP 1 vs. HTTP 1.1 vs. HTTP 2: Key Differences Between the Three HTTP Versions Comparisons are common, and it is nothing different in the cybersecurity world. One such technology is hypertext transfer protocol (HTTP). This is why there is…

Read more →

Introduction As we move/migrate applications from on-prem to the cloud, some of the key architecture decisions regarding hybrid integration are with reference to FileShare between the cloud and on-prem systems/users. When a part of the ecosystem goes to the cloud,…

Read more →

There are multiple ways you can deploy your Nodejs app, be it On-Cloud or On-Premises. However, it is not just about deploying your application, but deploying it correctly. Security is also an important aspect that must not be ignored, and…

Read more →

Passwordless authentication is becoming an increasingly popular choice for developers. Even notable names like Slack, Notion, and PayPal are all transitioning to SMS, email, or social logins for their authentication. A driving factor for its increasing adoption is that it’s…

Read more →

What Is Amazon SQS? Amazon SQS (Simple Queue Service) is a message queue service that enables application components to communicate with each other by exchanging messages. This is widely used to build event-driven systems or decouple services on AWS. Features…

Read more →

Innovative technologies are rapidly evolving, and blockchain is one such out-of-the-box invention. It helps users to transact securely and safely. Hence, the demand for blockchain application development is increasing. And this is when the app development frameworks come into play.…

Read more →

Because of the increasing number of cyberattacks, security has become an integral element of SDLC (Software Development Lifecycle). Secure software development is a requirement to protect software from cybercriminals and hackers, minimize any vulnerabilities, and maintain users’ privacy. In this…

Read more →

Currently, and for quite a while now, most developments are done under the umbrella of a framework. If we focus on the front end and JavaScript, we can find dozens of frameworks. It is challenging to reuse graphical interface elements…

Read more →

In the past few years, there has been a growing number of organizations and developers joining the Docker journey. Containerization simplifies the software development process because it eliminates dealing with dependencies and working with specific hardware. Nonetheless, the biggest advantage…

Read more →

Summary It is of utmost importance for enterprises to protect their IT workloads, running either on AWS or other clouds, against a broad range of malware (including computer viruses, worms, spyware, botnet software, ransomware, etc.  AWS GuardDuty Malware Protection service…

Read more →

Most engineers don’t want to spend more time than necessary to keep their clusters highly available, secure, and cost-efficient. How do you make sure your Google Kubernetes engine cluster is ready for the storms ahead?  Here are fourteen optimization tactics…

Read more →

Introduction Mobile app development is an evolving field, with new trends and technologies emerging every year. In other words, it’s rapidly changing and evolving and taking a key role. In recent years, there has been a significant increase in the…

Read more →

An IoT (Internet of Things) gateway is a device that acts as a bridge between connected IoT devices and other networks, such as the Internet. It provides a centralized platform for managing and processing data from multiple IoT devices and…

Read more →

In my previous articles, we discussed what Policy-as-Code is, why we need it, and how to use the Open Policy Agent (OPA) tool. If you haven’t read the introduction yet, please take some time to read it first here.  Following…

Read more →

As Kubernetes has become the de-facto platform to orchestrate containerized workloads, more users have begun to look for ways to control and secure their Kubernetes clusters. Hardening is a thing for sure, but what about enforcing policies inside a cluster?…

Read more →

Testing your digital platforms as part of a digital experience program is a vital element of ensuring that your customers have a seamless and user-friendly experience as they interact with your digital platforms. Of course, as with any other aspect…

Read more →

Cyberattacks targeting resource credentials such as session tokens are on the rise.  Recent high-profile cases such as the source code leaks of Slack’s GitHub repositories in January 2023, CircleCI in January 2023, and before that, GitHub accounts in April 2022…

Read more →

Are you utilizing Docker to deploy your applications? If so, you’re not alone. The use of Docker has skyrocketed in popularity in recent years. While it offers numerous benefits, it also introduces new security risks that need to be addressed.…

Read more →

I’ve been a Java developer long enough to remember the excitement when Sun introduced the concept of serialization in the JVM. In the world of C, we could just write a struct into a file, but this was always problematic.…

Read more →

AI is catapulting every sector into innovation and efficiency as machine learning provides invaluable insights humans never previously conceived. However, because AI adoption is widespread, threat actors see opportunities to manipulate data sets to their advantage. Data poisoning is a…

Read more →

I had the opportunity to catch up with Andi Grabner, DevOps Activist at Dynatrace, during day two of Dynatrace Perform. I’ve known Andi for seven years, and he’s one of the people that has helped me understand DevOps since I…

Read more →

In the first part of this article, we have seen how to set up a simple scenario with a Spring Cloud Config server and the client counterpart. The server was set with a native profile, and the configuration was stored in…

Read more →

Data governance is one of the most important undertakings for businesses today. Regulations like the GDPR and CCPA require organizations to have thorough insight and control over their data, and the costs of poor-quality information keep climbing. An effective governance…

Read more →

Cloud automation refers to the process of using technology to automate the deployment, management, and scaling of applications and infrastructure in a cloud computing environment. This can include tasks such as provisioning and configuring virtual machines, managing storage and networking…

Read more →

If you are living in the same world as I am, you must have heard the latest coding buzzer termed “microservices”—a lifeline for developers and enterprise-scale businesses. Over the last few years, microservice architecture emerged to be on top of…

Read more →

When it comes to infrastructure provisioning, including the AWS EKS cluster, Terraform is the first tool that comes to mind. Learning Terraform is much easier than setting up the infrastructure manually. That said, would you rather use the traditional approach…

Read more →

The second day of Dynatrace Perform kicked off with a great discussion between Kelsey Hightower, distinguished developer advocate at Google Cloud Platform, and Andi Grabner, DevOps evangelist at Dynatrace. The theme of their discussion was redefining the boundaries of people, processes, and…

Read more →

Introduction Microsoft 365 is a popular productivity suite used by organizations of all sizes. While it offers a wealth of features and benefits, it also poses security challenges, especially in terms of protecting user data. With cyber threats on the…

Read more →

What is the Industrial Internet of Things (IIoT)? IIoT refers to using interconnected devices, sensors, and machines in industrial settings. These devices can monitor and analyze data from various systems, giving businesses real-time insights into their operations. For example, a…

Read more →

Web hosting is a service that allows individuals and organizations to make their websites accessible on the internet. When you create a website, you need a place to store all of your website’s files, such as HTML, CSS, and images.…

Read more →

If you use Windows, you will want to monitor Windows Events. A recent contribution of a distribution of the OpenTelemetry (OTel) Collector makes it much easier to monitor Windows Events with OpenTel. You can utilize this receiver either in conjunction…

Read more →

Though the Internet of Things (IoT) has redefined our lives and brought a lot of benefits, it has a large attack surface area and is not safe until it is secure. IoT devices are an easy target for cybercriminals and…

Read more →

In many software organizations, terms like authentication, SSO, and SAML are heard pretty often. Admittedly, many people will run away when hearing these terms, trying to avoid doing any authentication-related work.  In this article, we will go over SSO fundamentals…

Read more →

The gaming industry has seen tremendous growth in recent years, with millions of players engaging in online games daily. As the industry grows, so does the need for secure game development practices. Cyberattacks are becoming more sophisticated and frequent, making…

Read more →

Security is one of the key challenges in Kubernetes because of its configuration complexity and vulnerability. Managed container services like Google Kubernetes Engine (GKE) provide many protection features but don’t take all related responsibilities off your plate. Read on to…

Read more →

Backup and disaster recovery are two critical components of a comprehensive data management strategy for businesses of all sizes. However, while both terms are often used interchangeably, they refer to two distinct processes. This article will examine the key differences…

Read more →

If you want to become a smart contract developer on Ethereum, then you need to learn Solidity. Whether your goal is DeFi, blockchain gaming, digital collectibles (NFTs), or just web3 in general, Solidity is the foundational language behind the innovative…

Read more →

With the cyber threat landscape growing constantly and cyberattacks becoming more sophisticated, it is imperative for any organization to be well-prepared with a clear and actionable cyber defense strategy. As noted by   Chuck Robbins, Chairman, and CEO at Cisco,…

Read more →

Background Information The story starts back in 2007 when our founders, Omri Gazitt and Gert Drapers, were working on what would eventually become Azure Active Directory. At that time, Active Directory was a keystone workload for Windows Server. It enabled…

Read more →

Can you prevent a cloud outage from negatively impacting your business? It isn’t always possible to anticipate cloud outages, but there are steps you can take to minimize their impact on your team. How can you get started preparing for…

Read more →

Both GraphQL and Protocol Buffers (Protobuf) are types of formats for transferring data between client and server. Each has its own set of advantages and disadvantages, and are used in different contexts, depending on the specific requirements of an application.…

Read more →

Over the past years, the adoption of Agile and DevOps grew, and together with it, we have also observed the rise of DevSecOps. Such practice recommends shifting left security testing and remediation of security vulnerabilities as early as possible within the…

Read more →

DNSSEC, short for Domain Name System Security Extensions, is a set of protocols that aim to secure the domain name system (DNS) against various security threats such as spoofing, cache poisoning, and eavesdropping. DNSSEC is designed to protect the authenticity…

Read more →

Connectivity is so daunting. By far, we are all used to instant connectivity that puts the world at our fingertips. We can purchase, post, and pick anything, anywhere, with the aid of desktops and devices. But how does it happen?…

Read more →

What in the World Is Technology? Technology is anything that makes tasks easier. It could be something as simple as a thimble to something as complex as AI. Technology, overall, has made life easier, more convenient, and more efficient. We’ll…

Read more →

The gaming industry has seen tremendous growth in recent years, with millions of players engaging in online games daily. As the industry grows, so does the need for secure game development practices. Cyberattacks are becoming more sophisticated and frequent, making…

Read more →

In many software organizations, terms like authentication, SSO, and SAML are heard pretty often. Admittedly, many people will run away when hearing these terms, trying to avoid doing any authentication-related work.  In this article, we will go over SSO fundamentals…

Read more →

Safari is the default browser on iPads, Macbooks, and iPhones. It lies second on browser preferences, right after Chrome. Its 250+ features offer users striking benefits that set it apart from other most popular browsers like Chrome and Firefox. Building on that,…

Read more →

Digital transformation requires agility and fast time to market as critical factors for success in any enterprise. The decentralization with a data mesh separates applications and business units into independent domains. Data sharing in real-time with data streaming helps provide…

Read more →

Data engineers are increasingly in high demand, especially as more company leaders realize it’s necessary to use reliable information for better decision-making. However, even the most skilled and experienced professionals can make mistakes. Here are some of them and how…

Read more →

One of the most popular method of authentication remains the password. In a previous article, we discussed the proper implementation of password authentication. However, relying solely on a password as the means of authentication is no longer sufficient, especially for…

Read more →

Machine learning is one of the most disruptive technologies across industries today. Despite this versatility and potential, many organizations struggle to capitalize on this technology’s full potential, especially in sectors like manufacturing that lack widespread ML skills and knowledge. High…

Read more →

In this tutorial, we will be building a simple yet smart web application, to demonstrate how to authenticate users on a typical website or web application via face recognition instead of the traditional login/password pair. In this process, we are…

Read more →

At this point, we’ve all heard the horror stories about clicking on malicious links, and if we’re unlucky enough, perhaps we’ve been the subject of one of those stories.   Here’s one we’ll probably all recognize: an unsuspecting employee receives…

Read more →

The concept of generative AI describes machine learning algorithms that can create new content from minimal human input. The field has rapidly advanced in the past few years, with projects such as the text authorship tool ChatGPT and realistic image creator DALL-E2…

Read more →

Authentication in the Age of SaaS and Cloud Let’s start with the differences between authentication and authorization. People tend to lump these concepts together as auth, but they’re two distinct processes. Authentication describes the process of finding out that you are…

Read more →

“We mustn’t use live data for testing.” This is the reason why most organizations start to look at superficial solutions to certain challenges that are ingrained in their DNA. For years, this aversion has driven the way that organizations have…

Read more →

Cloud security is an ever-evolving challenge, as organizations must consider the security of the cloud provider, the configuration of the services they offer, and the security of their own internal systems that store and access cloud-based data. Organizations must continuously…

Read more →

Cyber insurance is a type of insurance policy designed to protect businesses and individuals against losses resulting from cyber-attacks and data breaches. In addition, it provides financial support in the event of a breach, covering costs such as legal fees,…

Read more →

Making your hands dirty by learning how to create blockchain will assist you in appreciating the technology and how it works,” says Elliot Minns, a coding and cryptocurrency guru. In this article, you will learn how to build an easy cryptocurrency blockchain…

Read more →

More and more people are adopting multi-factor authentication today to protect themselves from increasing rates of hacking and data theft. Several popular options are available for MFA, but which is the most secure and effective?  1. Social Media Login One…

Read more →

With a rapidly changing business landscape, security is one of the biggest challenges for developers and testers in their modern web development cycle. The complexity of building and deploying modern web apps leads to more security vulnerabilities. As per a…

Read more →

API Gateways are critical components in one’s infrastructure. If an attacker could change the configuration of routes, they could direct traffic to their infrastructure. Consequences could range from data theft to financial losses. Worse, data theft could only be noticed…

Read more →

You never get a second chance to make a first impression. So how do you make sure it’s a good one? This matter is constantly in the mind of release managers and product owners because they know that once a…

Read more →

A website for your business is essential for reaching a wider audience and establishing a solid online presence. However, security should be a top priority when creating a website to protect your business and customers from cyber threats.  Securing a…

Read more →

With growing concern regarding data privacy and data safety today, Internet of Things (IoT) manufacturers have to up their game if they want to maintain consumer trust. This is the shared goal of the latest cybersecurity standard from the European…

Read more →

Integrating DevOps with IT Service Management (ITSM) is a critical step for organizations looking to improve the speed, quality, and reliability of their software delivery processes. DevOps and ITSM are complementary approaches that can significantly benefit each other when integrated…

Read more →

Undertaking a DevOps transformation can be overwhelming for many organizations. The initial phase of the journey can be complex and more challenging; “Where do I begin?” and “What quick successes can I attain to foster early progress?” It is easier…

Read more →