Tag: DZone Security Zone

Securing Federal Systems

Computer systems in the federal government must demonstrate that they are secure. The process is known as accreditation and the goal is to receive an Authority to Operate (ATO). The ATO allows the system to be put into production for…

Black Hat 2024, Day 2: Charting the Future of Cybersecurity

The 2024 Black Hat conference in Las Vegas brought together some of the most influential voices in cybersecurity, offering critical insights for security professionals navigating an increasingly complex digital landscape. From the philosophical underpinnings of software development to practical strategies…

How Data Encryption Can Simplify Infrastructure Architecture

Product and infrastructure engineering teams are not always aligned with the interests of security engineering teams. While product and infrastructure focus on driving business value and delivering practical solutions, security focuses on detection, prevention, and remediation, which can seem less…

Data Security Solution for US Federal Customers

Federal agencies manage highly classified sensitive data, including personal information, medical records, and tax and income details of all U.S. residents. In some cases, temporary visitor data are also retained. They also handle national security information, including susceptible documents, intergovernmental…

API Security: The Cornerstone of AI and LLM Protection

As artificial intelligence and large language models (LLMs) continue to reshape the technological landscape, the importance of API security has never been more critical. In a recent interview at Black Hat 2024, Tyler Shields, Vice President of Product Marketing at…

What Is SQL Injection and How Can It Be Avoided?

SQLi is one of the code injection techniques that may enable an attacker to modify the queries that the application sends to the database. By far the most frequent and severe web application security threats always hide in web applications that…

The Relationship Between Performance and Security

The software landscape has undergone a profound transformation over the past two decades. In the past, a substantial portion of software was designed for local desktop use. However, today, the norm for computer users is to access web-based software services…

Creating Effective Exceptions in Java Code [Video]

This article will explore the critical topic of creating effective exceptions in your Java code. Exceptions are crucial in identifying when something goes wrong during code execution. They are instrumental in managing data inconsistency and business validation errors. We will…

The Need for Application Security Testing

Security plays a key role whether you are onboarding customer workloads to the cloud, designing and developing a new product, or upgrading an existing service. Security is critical in every leg of the software development life cycle (SDLC). Application security…

How You Can Avoid a CrowdStrike Fiasco

By now we’ve all heard about — or been affected by — the CrowdStrike fiasco. If you haven’t, here’s a quick recap. An update to the CrowdStrike Falcon platform, pushed on a Friday afternoon, caused computers to crash and be…

Why You Should Use Buildpacks Over Docker

Docker is the obvious choice for building containers, but there is a catch: writing optimized and secure Dockerfiles and managing a library of them at scale can be a real challenge. In this article, I will explain why you may…

Not All MFA Is Equal: Lessons From MFA Bypass Attacks

One-time passwords are one of the most relied-on forms of multi-factor authentication (MFA). They’re also failing miserably at keeping simple attacks at bay. Any shared secret a user can unknowingly hand over is a target for cybercriminals, even short-lived TOTPs.…

Reimagining AI: Ensuring Trust, Security, and Ethical Use

The birth of AI dates back to the 1950s when Alan Turing asked, “Can machines think?” Since then, 73 years have passed, and technological advancements have led to the development of unfathomably intelligent systems that can recreate everything from images…

How To Setup OAuth JWT in the Salesforce Connector

In this post, we’ll explain all the steps required to connect a Mule application to Salesforce using the Salesforce connector with the OAuth JWT flow. You can also create your own certificate for the OAuth JWT flow with Salesforce or…

The C̶a̶k̶e̶ User Location Is a Lie!!!

I recently sat in on a discussion about programming based on user location. Folks that are way smarter than me covered technical limitations, legal concerns, and privacy rights. It was nuanced, to say the least. So, I thought I’d share…

Vulnerability Management in DevOps Environments

DevOps has become the groundwork for delivering top-notch applications quickly and efficiently in today’s agile development. Its efficiency and speed can also cause notable security threats if vulnerabilities are not managed properly. Sixty percent of data breaches succeed because organizations…

Why Do We Need to Keep Our Builds Green?

The Trivial Answer: Most engineers know that we must have green builds because a red build indicates some kind of issue. Either a test did not pass, or some kind of tool found a vulnerability, or we managed to push…

Guarding Privacy: Cutting-Edge Technologies for Data Protection

Data has become a valuable commodity in today’s digital era. It innovatively drives businesses to make informed decisions and personalized experiences for their customers, optimize operational efficiency, and accurately predict market trends. However, data’s immense value comes with an equally…

Don’t Get Hacked! Essential Cybersecurity Tips You Need To Know

Technology in the digital age has revolutionized our lives. However, this convenience comes with a growing threat: cybercrime. Malicious actors, ranging from petty thieves to sophisticated cybercriminals, operate online, seeking to exploit vulnerabilities and steal sensitive information, financial data, and…

How To Implement a Gateway With Spring Cloud

A microservice system could have a high number of components with complex interactions. It is important to reduce this complexity, at least from the standpoint of the clients interacting with the system. A gateway hides the microservices from the external…

How Behavioral Biometrics Enhances Fraud Prevention

Today’s fraud prevention processes are far smoother than they used to be. Automated alert systems and authentication measures are now standard, but these relatively simple, rules-based solutions are still imperfect. The growing field of behavioral biometrics offers a more reliable…

Security Challenges in AI-Powered Applications

AI is revolutionizing how Software-as-a-Service (SaaS) applications work, making them more efficient and automated than ever before. However, this rapid progress has opened up a Pandora’s box of new security threats. From the sly manipulation of data to the gradual…

Empowering Developers in Code Security

Effective security requires a shared responsibility model. Developers are already overburdened with their primary tasks of writing code and delivering features, and we think it is not realistic to expect them to know everything about security, be responsible for triaging…

Developing Security-By-Design Across the Zoho Application Suite

Delivering secure application services free from exposed vulnerabilities — without imposing overbearing authentication controls that frustrate users, or draconian code review requirements that inhibit developer innovation — is a challenge as old as the internet itself. Organizations naturally prioritize building…

SBOMs in Action: Securing Your Golden AMIs From Build to Runtime

Golden Amazon Machine Images (AMIs) are the foundation for launching consistent and efficient instances in your AWS cloud environment. Ensuring their security and immutability is paramount. This guide delves into how Software Bill of Materials (SBOMs), cryptographic signing, and runtime…

Penetration Testing for Beginners: A Step-By-Step Guide

In an era where digital transformation is rapidly advancing, the importance of cybersecurity cannot be overstated. One of the essential aspects of maintaining robust security is penetration testing, commonly known as pentesting. This guide aims to provide beginners with a…

Create JWT Using DataWeave JWT Library

Recently in one of my projects, there was a requirement to create JWT within the MuleSoft application and send that as an OAuth token to the backend for authentication. After doing some research, I got to know several ways to…

regreSSHion: Should We Panic About the New OpenSSH Vulnerability?

What Is the regreSSHion Vulnerability (CVE-2024-6387)? regreSSHion is a newly discovered vulnerability in OpenSSH that affects glibc-based Linux systems. regreSSHion (CVE-2024-6387) may allow arbitrary code execution with root privileges on systems with default configurations. Why Is Everyone Worried About the…

How DevSecOps Can Combat Zero-Day Threats

Zero-day threats are becoming more dangerous than ever. Recently, bad actors have taken over the TikTok accounts of celebrities and brands through a zero-day hack. In late May to early June, reports of high-profile TikTok users losing control over their…

Enhancing Security With ZTNA in Hybrid and Multi-Cloud Deployments

Today’s network infrastructure is rapidly changing with the adoption of hybrid and multi-cloud architectures to leverage the benefits of flexibility, scalability, and redundancy. These advantages come with their own set of challenges, particularly in securing access to resources and users spread…

Exploring Cross-Chain Compatibility in dApp Development

The use of blockchain technology is growing rapidly, and the creation of decentralized applications (dApps) is rising with it. Among the issues that need solving is cross-chain interoperability, which lets dApps easily connect and work with different blockchains. Improvement of the dApps themselves is also needed.…

Understanding and Mitigating IP Spoofing Attacks

Spoofing is a type of cyber-attack used by hackers to gain unauthorized access to a computer or a network. IP spoofing is the most common of the spoofing methods. With IP spoofing the attacker can…

Enhance IaC Security With Mend Scans

Whether on the cloud or setting up your AIOps pipeline, automation has simplified the setup, configuration, and installation of your deployment. Infrastructure as Code (IaC) especially plays an important role in setting up the infrastructure. With IaC tools, you will be…

Addressing the Challenges of Scaling GenAI

Generative AI (GenAI) has shown immense potential in transforming various sectors, from healthcare to finance. However, its adoption at scale faces several challenges, including technical, ethical, regulatory, economic, and organizational hurdles. This paper explores these challenges and proposes prompt decomposition…

Understanding Properties of Zero Trust Networks

Zero Trust is a well-known but ‘hard-to-implement’ paradigm in computer network security. As the name suggests, Zero Trust is a set of core system design principles and concepts that seek to eliminate the practice of implicit trust-based security. The core…

Data Governance: Data Integration (Part 4)

What Is Data Governance? Data governance is a framework that is developed through the collaboration of individuals with various roles and responsibilities. This framework aims to establish processes, policies, procedures, standards, and metrics that help organizations achieve their goals. These…

Cybersecurity Essentials for Software Developers

Software development is becoming complex, and a new approach is being used to create cross-functional hybrid teams. This means some developers work on-site while others develop parts of software code remotely. While this approach has benefited agility, speed, and scalability,…

The Role of Kubernetes in Data Privacy and Protection

Kubernetes is a de facto platform for managing containerized applications. It provides a rich ecosystem for deployment, scaling, and operations with first-class support (tons of ready configs and documentation) on the Google Cloud platform. Given the growing importance of data…

IoT Needs To Get Serious About Security

This headline came across my email the other day, and it really got me thinking: “Number of vulnerable IoT devices increases 136%”…

Building Resilient Security Systems: Composable Security

Traditional cybersecurity measures may not be enough to protect organizations from new and emerging threats in today’s fast-paced digital world. Security systems need to advance along with technology, and they should also be flexible and adaptable. Composable security is an…

Securing the Future: The Role of Post-Quantum Cryptography

As they evolve, quantum computers will be able to break widely used cryptographic protocols, such as RSA and ECC, which rely on the difficulty of factoring large numbers and calculating discrete logarithms. Post-quantum cryptography (PQC) aims to develop cryptographic algorithms…

Exploring the Role of Data Analytics in SOC Alert Tuning

Security Operations Centers (SOCs) play a crucial role in detecting, responding to, and mitigating security threats in an increasingly complex threat landscape. One fundamental aspect of SOC efficiency is the tuning of alerts to ensure accurate and timely threat detection…

Why Choose Bug Bounty Programs? (Benefits and Challenges Explained)

Diligent software developers must follow secure development practices, industry standards, and regulatory requirements when handling software vulnerabilities. Handling vulnerabilities is a complex, multi-step process that involves various methods and stages. One effective approach to finding vulnerabilities is through Bug Bounty…

Analysis of Flubot Malware on Android OS

Every day, the use of smartphones increases, along with the advancement of the Android operating system. Consequently, there have been reports of malicious individuals and hackers capitalizing on the exploits that Android has to offer to gain access to…

Embracing Responsible AI: Principles and Practices

Today we use AI to offer simpler solutions to intricate problems in various sectors such as education, transportation, finance, and healthcare. Due to this reason, it is very important to adhere to best practices and standards. Adhering to AI principles…

Dependency Injection

Dependency Injection is one of the foundational techniques in Java backend development, helping build resilient and scalable applications tailored to modern software demands. DI is used to simplify dependency management by externalizing dependencies from the class itself, streamlining code maintenance,…

Protecting PII Data With JWT

The Challenge: JWT tokens are widely used for securing APIs through authentication and authorization. When an API request arrives, the resource server decodes and verifies the JWT token, typically validating the signature for authentication and checking claims or scopes for…