Golden Amazon Machine Images (AMIs) are the foundation for launching consistent and efficient instances in your AWS cloud environment. Ensuring their security and immutability is paramount. This guide delves into how Software Bill of Materials (SBOMs), cryptographic signing, and runtime…
Tag: DZone Security Zone
Penetration Testing for Beginners: A Step-By-Step Guide
In an era where digital transformation is rapidly advancing, the importance of cybersecurity cannot be overstated. One of the essential aspects of maintaining robust security is penetration testing, commonly known as pentesting. This guide aims to provide beginners with a…
Create JWT Using DataWeave JWT Library
Recently in one of my projects, there was a requirement to create JWT within the MuleSoft application and send that as an OAuth token to the backend for authentication. After doing some research, I got to know several ways to…
regreSSHion: Should We Panic About the New OpenSSH Vulnerability?
What Is the regreSSHion Vulnerability (CVE-2024-6387)? regreSSHion is a newly disclosed vulnerability in the OpenSSH server (sshd), an unauthenticated signal-handler race condition that affects glibc-based Linux systems. regreSSHion (CVE-2024-6387) may allow arbitrary code execution with root privileges on systems with default configurations. Why Is Everyone Worried About the…
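The check a practitioner wants after reading that entry is "is my sshd in the affected range, and is the stop-gap in place?". The following is an added example, not code from the article: the affected version ranges and the LoginGraceTime mitigation come from the upstream OpenSSH/Qualys advisory rather than from this page, and the banner and sshd_config text are constructed sample input. The version test is deliberately labelled "possibly affected" because distributions backport the fix without changing the upstream version string.

```python
import re

# Added example for the regreSSHion (CVE-2024-6387) entry above; it is not code
# from the article. The affected version ranges and the LoginGraceTime mitigation
# come from the upstream OpenSSH/Qualys advisory, not from this page. The banner
# and sshd_config text at the bottom are constructed sample input.

AFFECTED_RANGES = (
    # (inclusive lower bound, exclusive upper bound) as (major, minor)
    ((0, 0), (4, 4)),   # before 4.4p1: vulnerable unless CVE-2006-5051 was backported
    ((8, 5), (9, 8)),   # 8.5p1 through 9.7p1: the regression; fixed in 9.8p1
)


def parse_openssh_version(banner):
    """Extract (major, minor) from an SSH banner or `ssh -V` string, else None."""
    m = re.search(r"OpenSSH_(\d+)\.(\d+)", banner)
    return (int(m.group(1)), int(m.group(2))) if m else None


def regresshion_status(banner):
    """Classify a version string against the upstream affected ranges.

    'possibly affected' is a starting point, not a verdict: distributions
    backport the fix without changing the upstream version string, so confirm
    against the package changelog or vendor advisory before acting.
    """
    ver = parse_openssh_version(banner)
    if ver is None:
        return "unknown"
    for lower, upper in AFFECTED_RANGES:
        if lower <= ver < upper:
            return "possibly affected"
    return "not affected"


def login_grace_time(sshd_config):
    """Return the effective LoginGraceTime in seconds (sshd default: 120).

    sshd keeps the first occurrence of a keyword, so the first match wins.
    Handles the forms sshd accepts for this keyword: N, Ns, Nm, Nh, written
    in the 'Keyword value' layout (the 'Keyword=value' form is not parsed).
    """
    units = {"": 1, "s": 1, "m": 60, "h": 3600}
    for raw in sshd_config.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2 or parts[0].lower() != "logingracetime":
            continue
        m = re.fullmatch(r"(\d+)([smh]?)", parts[1].strip().lower())
        if m:
            return int(m.group(1)) * units[m.group(2)]
    return 120


def exposure(banner, sshd_config):
    """Combine version and configuration into one verdict.

    LoginGraceTime 0 disables the timer whose SIGALRM handler is raced; the
    advisory lists it as the stop-gap when the patched package is not yet
    available, at the cost of leaving sshd open to connection-exhaustion DoS.
    """
    status = regresshion_status(banner)
    if status == "possibly affected" and login_grace_time(sshd_config) == 0:
        return "possibly affected, mitigated by LoginGraceTime 0"
    return status


# Constructed sample input.
SAMPLE_BANNER = "SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13"
SAMPLE_CONFIG = """\
# sshd_config excerpt (constructed)
Port 22
# stop-gap until the patched package lands
LoginGraceTime 0
PermitRootLogin no
"""

if __name__ == "__main__":
    print(exposure(SAMPLE_BANNER, SAMPLE_CONFIG))
```

Feed it the banner from `ssh -V` or from the first line a server sends on port 22, and the live `sshd -T` output (which prints the effective `logingracetime`) rather than the raw file when Include directives are in play.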
How DevSecOps Can Combat Zero-Day Threats
Zero-day threats are becoming more dangerous than ever. Recently, bad actors have taken over the TikTok accounts of celebrities and brands through a zero-day hack. In late May to early June, reports of high-profile TikTok users losing control over their…
Mitigate the Security Challenges of Telecom 5G IoT Microservice Pods Architecture Using Istio
Deploying microservices in a Kubernetes cluster is critical in 5G Telecom. However, it also introduces significant security risks. While firewall rules and proxies provide initial security, the default communication mechanisms within Kubernetes, such as unencrypted network traffic and lack of…
Securing Your Machine Identities Means Better Secrets Management
In 2024, GitGuardian released the State of Secrets Sprawl report. The findings speak for themselves; with over 12.7 million secrets detected in GitHub public repos, it is clear that hard-coded plaintext credentials are a serious problem. Worse yet, it is a…
Enhancing Security With ZTNA in Hybrid and Multi-Cloud Deployments
Today’s network infrastructure is rapidly changing with the adoption of hybrid and multi-cloud architectures to leverage the benefits of flexibility, scalability, and redundancy. These advantages come with their own set of challenges, particularly in securing access to resources and users spread…
This Is How SSL Certificates Work: HTTPS Explained in 15 Minutes
The world of online security may seem complex, but understanding the basics of how SSL certificates work and why HTTPS is essential can empower you to make safer choices online. Just like Jane, you can navigate the digital landscape with…
Exploring Cross-Chain Compatibility in dApp Development
The use of blockchain technology is growing rapidly, and with it the creation of decentralized applications (dApps). One of the issues that needs solving is cross-chain interoperability, which lets dApps connect and work with different blockchains. Improvement of the dApps is also needed.…
Enhancing Cloud Security: Integrating DevSecOps Practices Into Monitoring
In the fast-changing world of tech, companies must get their apps out quickly but can’t forget to keep them safe. Gone are the days when security checks happened only after making the app. Now, there’s an intelligent way called DevSecOps…
Understanding and Mitigating IP Spoofing Attacks
Spoofing is a type of cyber-attack used by attackers to gain unauthorized access to a computer or network, and IP spoofing is the most common of the spoofing methods. With IP spoofing, the attacker can…
Enhance IaC Security With Mend Scans
Whether on the cloud or setting up your AIOps pipeline, automation has simplified the setup, configuration, and installation of your deployment. Infrastructure as Code (IaC) in particular plays an important role in setting up the infrastructure. With IaC tools, you will be…
Strengthening Web Application Security With Predictive Threat Analysis in Node.js
In today’s digital landscape, web application security has become a paramount concern for developers and businesses. With the rise of sophisticated cyber-attacks, simply reacting to threats after they occur is no longer sufficient. Instead, predictive threat analysis offers a proactive…
Step-By-Step Guide: Configuring IPsec Over SD-WAN on FortiGate and Unveiling Its Benefits
First, let’s explore the practical applications and advantages of deploying IPsec over SD-WAN. 1. Branch Office Connectivity Secure branch-to-branch communication: Securely connects branch offices to each other and to headquarters using IPsec tunnels over SD-WAN. IPsec provides encrypted and…
Building an Effective Zero Trust Security Strategy for End-To-End Cyber Risk Management
You’ve probably heard a lot about zero-trust security lately, and for good reason. As we move more of our applications and data to the cloud, the traditional castle-and-moat approach to security just doesn’t cut it anymore. This makes me come to the…
Addressing the Challenges of Scaling GenAI
Generative AI (GenAI) has shown immense potential in transforming various sectors, from healthcare to finance. However, its adoption at scale faces several challenges, including technical, ethical, regulatory, economic, and organizational hurdles. This paper explores these challenges and proposes prompt decomposition…
Flask Web Application for Smart Honeypot Deployment Using Reinforcement Learning
Honeypots are the digital traps used by cybersecurity professionals to lure in attackers. These traps imitate real systems and services, such as web servers or IoT devices, to appear as genuine targets. The goal of a honeypot is to deceive…
Understanding Properties of Zero Trust Networks
Zero Trust is a well-known but ‘hard-to-implement’ paradigm in computer network security. As the name suggests, Zero Trust is a set of core system design principles and concepts that seek to eliminate the practice of implicit trust-based security. The core…
Outsmarting Cyber Threats: How Large Language Models Can Revolutionize Email Security
Email remains one of the most common vectors for cyber attacks, including phishing, malware distribution, and social engineering. Traditional methods of email security have been effective to some extent, but the increasing sophistication of attackers demands more advanced solutions. This…
Integration Testing With Keycloak, Spring Security, Spring Boot, and Spock Framework
In today’s security landscape, OAuth2 has become a standard for securing APIs, providing a more robust and flexible approach than basic authentication. My journey into this domain began with a critical solution architecture decision: migrating from basic authentication to OAuth2…
OpenID Connect Flows: From Implicit to Authorization Code With PKCE and BFF
This article will review the principles behind various OpenID Connect (OIDC) authentication flows, from the simplest to the most modern, highlighting the vulnerabilities present in each. We will explore each of the following OpenID Connect flows in detail: This article…
How To Plan a (Successful) MuleSoft VPN Migration (Part II)
In this second post, we’ll be reviewing more topics that you should take into consideration if you’re planning a VPN migration. If you missed the first part, you can start from there.
How To Plan a (Successful) MuleSoft VPN Migration (Part I)
You might need to migrate your MuleSoft legacy VPNs to Anypoint VPN. You might be changing your routing from static to dynamic. Or maybe you’re moving to CloudHub 2.0. Whatever the reason, you need to migrate your VPN. A VPN…
Data Governance: Data Integration (Part 4)
What Is Data Governance? Data governance is a framework that is developed through the collaboration of individuals with various roles and responsibilities. This framework aims to establish processes, policies, procedures, standards, and metrics that help organizations achieve their goals. These…
Shortened Links, Big Risks: Unveiling Security Flaws in URL Shortening Services
In today’s digital age, URL-shortening services like TinyURL and bit.ly are essential for converting lengthy URLs into short, manageable links. While many blogs focus on how to build such systems, they often overlook the security aspects. Here, we have threat-modeled…
The XZ Utils Backdoor in Linux: A Symptom of Ailing Security in the Software Supply Chain
The cybersecurity industry was once again placed on high alert following the discovery of an insidious software supply chain compromise. The vulnerability, affecting the XZ Utils data compression library that ships with major Linux distributions, is logged under CVE-2024-3094 and…
Cybersecurity Essentials for Software Developers
Software development is becoming complex, and a new approach is being used to create cross-functional hybrid teams. This means some developers work on-site while others develop parts of software code remotely. While this approach has benefited agility, speed, and scalability,…
Index Engines’ Cybersense Delivers Unparalleled Ransomware Detection With 99.99% Accuracy
In the face of an ever-evolving threat landscape, organizations are constantly seeking innovative solutions to bolster their cyber resilience. Index Engines, a leading cyber security company, has taken a significant step forward in this direction with the announcement of an industry-first…
Comprehensive Guide To Troubleshooting IPsec VPN Site-To-Site Connections With PSK on FortiGate Firewalls
Troubleshooting IPsec VPN Site-to-Site connections on a FortiGate firewall can be challenging due to the complex nature of VPN connections. Here’s a structured approach to diagnose and resolve common IPsec VPN problems between two sites: “Headquarter” and “Branch”. Topology This…
The Role of Kubernetes in Data Privacy and Protection
Kubernetes is a de facto platform for managing containerized applications. It provides a rich ecosystem for deployment, scaling, and operations with first-class support (tons of ready configs and documentation) on the Google Cloud platform. Given the growing importance of data…
Optimizing Your Cloud Resources, Part 1: Strategies for Effective Management
“Cloud resources” is a term that refers to the various components and services available in cloud computing environments. Cloud resources provide on-demand scaling and a flexible IT infrastructure. To deploy and scale applications, and to store and manage data, organizations leverage…
IoT Needs To Get Serious About Security
This headline came across my email the other day, and it really got me thinking: “Number of vulnerable IoT devices increases 136%”
Transforming Modern Networking: The Unmatched Security of Secure Access Service Edge (SASE)
Secure Access Service Edge (SASE) enhances security by converging network and security services into a single, cloud-native architecture. The model is designed to meet the challenges of modern IT environments: growing cloud adoption, a mobile workforce,…
A Wake-up Call for Cloud Security: Insights From the Recent Snowflake Data Breach
Snowflake, a leading cloud data warehousing provider, has been impacted by a major data breach recently. This incident, which surfaced in June 2024, has sent ripples through the tech community, affecting prominent clients like Advance Auto Parts, Santander Bank, and…
Building Resilient Security Systems: Composable Security
Traditional cybersecurity measures may not be enough to protect organizations from new and emerging threats in today’s fast-paced digital world. Security systems need to advance along with technology, and they must also be flexible and adaptable. Composable security is an…
Unmasking the Danger: 10 Ways AI Can Go Rogue (And How to Spot Them)
The rapid advancement of large language models (LLMs) has ignited both excitement and apprehension. While their potential for good is immense, so too is the possibility of misuse and unintended consequences. Understanding the specific dangers these powerful AI systems pose…
Building an Internal TLS and SSL Certificate Monitoring Agent: From Concept to Deployment
Can you monitor your internal SSL certificates? This was a question we frequently heard from our clients. Many organizations keep their services (web, database, etc.) inaccessible on the public internet, for security, compliance, cost, and other reasons. At TrackSSL, we…
How Sigma Is Empowering Devs, Engineers, and Architects With Cloud-Native Analytics
For developers, engineers, and architects, turning raw data into actionable insights has long been a complex and time-consuming challenge. But Sigma Computing is on a mission to change that with its innovative cloud-native data analytics platform built on Snowflake. “Snowflake…
Securing the Future: The Role of Post-Quantum Cryptography
As they evolve, quantum computers will be able to break widely used public-key algorithms such as RSA and ECC, which rely on the difficulty of factoring large numbers and computing discrete logarithms. Post-quantum cryptography (PQC) aims to develop cryptographic algorithms…
Effortless Credential Management in Azure: The Power of Managed Identities
Microsoft Entra ID, formerly Azure Active Directory, is a comprehensive Identity and Access Management offering from Microsoft. While it encompasses many functionalities, this article will focus on Managed Identities. Why Managed Identities? Initially, Azure resources were accessed using connection strings or keys…
Exploring the Role of Data Analytics in SOC Alert Tuning
Security Operations Centers (SOCs) play a crucial role in detecting, responding to, and mitigating security threats in an increasingly complex threat landscape. One fundamental aspect of SOC efficiency is the tuning of alerts to ensure accurate and timely threat detection…
Smart Network Onboarding: Revolutionizing Connectivity With AI and Automation
Network onboarding — the process through which new devices gain access to an organization’s network— is a cornerstone of IT operations, affecting everything from security to user satisfaction. Traditionally, this process has been fraught with challenges, particularly at scale. In environments…
Revolutionizing API Security in the Era of GenAI: An Architect’s Perspective
As a seasoned security architect, I have witnessed the transformative impact of AI and ML on the software development landscape, particularly in the context of API security. The advent of GenAI, with its ability to rapidly generate code and entire…
Why Choose Bug Bounty Programs? (Benefits and Challenges Explained)
Diligent software developers must follow secure development practices, industry standards, and regulatory requirements when handling software vulnerabilities. Handling vulnerabilities is a complex, multi-step process that involves various methods and stages. One effective approach to finding vulnerabilities is through Bug Bounty…
Analysis of Flubot Malware on Android OS
Every day, the use of smartphones increases, together with the advancement of the Android operating system. Accordingly, there have been reports of malicious individuals and hackers capitalizing on exploits against Android to gain access to…
Embracing Responsible AI: Principles and Practices
Today we use AI to offer simpler solutions to intricate problems in various sectors such as education, transportation, finance, and healthcare. For this reason, it is very important to adhere to best practices and standards. Adhering to AI principles…
Mocking Dependencies and AI Is the Next Frontier in Vue.js Testing
Vue.js is a popular JavaScript framework, and as such, it is crucial to ensure that its components work as they are supposed to: effectively, and more importantly, reliably. Mocking dependencies is one of the most efficient methods of testing, as…
Dependency Injection
Dependency Injection is one of the foundational techniques in Java backend development, helping build resilient and scalable applications tailored to modern software demands. DI is used to simplify dependency management by externalizing dependencies from the class itself, streamlining code maintenance,…
Protecting PII Data With JWT
The Challenge JWTs are widely used for securing APIs through authentication and authorization. When an API request arrives, the resource server decodes and verifies the JWT, typically validating the signature for authentication and checking claims or scopes for…
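The resource-server check described in that entry, as an added example that is not the article's code: signature verification comes first and the algorithm is pinned server-side, then `exp` and `scope` are checked. The `peek_payload` helper makes the PII point concrete: the payload is only base64url-encoded, so anyone holding the token can read it without the key, which is why claims should carry an opaque subject identifier rather than personal data. The HS256 key, claim names and scope strings are constructed for the demonstration; a production server would load the key (or an asymmetric public key) from configuration or a JWKS endpoint.

```python
import base64
import hashlib
import hmac
import json
import time

# Added example for the "Protecting PII Data With JWT" entry above; not code
# from the article. The key, claims and scopes are constructed so the example
# runs offline.
DEMO_KEY = b"constructed-demo-key-do-not-reuse"


def _b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_jwt(claims, key):
    """Issue a compact HS256 JWT (the authorization server's side)."""
    header = {"alg": "HS256", "typ": "JWT"}
    parts = [_b64url_encode(json.dumps(p, separators=(",", ":")).encode())
             for p in (header, claims)]
    signing_input = ".".join(parts).encode("ascii")
    sig = hmac.new(key, signing_input, hashlib.sha256).digest()
    return ".".join(parts + [_b64url_encode(sig)])


def peek_payload(token):
    """Decode the payload WITHOUT a key.

    Anyone holding the token can do this: the signature gives integrity, not
    confidentiality. That is the reason to keep PII out of the claims and use
    an opaque subject identifier that is resolved server-side.
    """
    return json.loads(_b64url_decode(token.split(".")[1]))


def verify_jwt(token, key, required_scope, now=None):
    """Resource-server check: signature first, then claims. Raises ValueError."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
    except ValueError:
        raise ValueError("malformed token")
    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm server-side; never let the token choose it
    # ("alg": "none" and RS256->HS256 confusion both rely on that).
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    # Only now is the payload trusted enough to act on.
    claims = json.loads(_b64url_decode(payload_b64))
    now = time.time() if now is None else now
    if "exp" not in claims or now >= claims["exp"]:
        raise ValueError("token expired")
    if required_scope not in claims.get("scope", "").split():
        raise ValueError("insufficient scope")
    return claims


def is_authorized(token, key, required_scope, now=None):
    """Boolean wrapper for callers that only need allow/deny."""
    try:
        verify_jwt(token, key, required_scope, now)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed claims: opaque subject, no PII, short-lived.
    token = mint_jwt({"sub": "usr_7f3a", "scope": "read:docs",
                      "exp": int(time.time()) + 300}, DEMO_KEY)
    print(is_authorized(token, DEMO_KEY, "read:docs"))
    print(peek_payload(token))
```

Passing `now` explicitly keeps the expiry check testable; in production leave it `None` so the wall clock is used.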
Security Considerations When Building SaaS
There is no well-defined pattern or framework for building a managed SaaS. Building a well-managed SaaS involves solving a wide variety of problems. Some of these problems are common across different kinds of SaaS, and some are very specific to…
New Ways for CNAPP to Shift Left and Shield Right: The Technology Trends That Will Allow CNAPP to Address More Extensive Threat Models
Editor’s Note: The following is an article written for and published in DZone’s 2024 Trend Report, Cloud Native: Championing Cloud Development Across the SDLC. The cloud-native application protection platform (CNAPP) model is designed to secure applications that leverage cloud-native technologies. However,…
Enhancing Vehicle Routing Problems With Deep Reinforcement Learning and Metaheuristics
The Vehicle Routing Problem (VRP) is a fundamental challenge in logistics and supply chain management, involving the optimization of routes for a fleet of vehicles to deliver goods to a set of customers. The problem’s complexity increases with the number…
Empowering Developers With Scalable, Secure, and Customizable Storage Solutions
In today’s data-driven world, businesses face numerous challenges when it comes to storing, securing, and analyzing vast amounts of information. As a developer, engineer, or architect, finding the right storage solution that seamlessly integrates with your infrastructure while providing the…
Modern Digital Authentication Protocols
Digital authentication is no longer a new term in today’s technology-driven society. It is a critical security mechanism that helps to protect our cyberspace from various types of fraud and identity theft. It is used to enable electronic transactions that…
Getting Started With NCache Java Edition (Using Docker)
NCache Java Edition with distributed cache technique is a powerful tool that helps Java applications run faster, handle more users, and be more reliable. In today’s world, where people expect apps to work quickly and without any problems, knowing how…
Securing Cloud Storage Access: Approach to Limiting Document Access Attempts
In today’s digital age, cloud-hosted applications frequently use storage solutions like AWS S3 or Azure Blob Storage for images, documents, and more. Public URLs allow direct access to publicly accessible resources. However, sensitive images require protection and are not readily…
Role-Based Multi-Factor Authentication
Multi-factor authentication (MFA) is a method of computer access control in which a user is granted access only after successfully presenting several separate pieces of evidence to an authentication mechanism — typically at least two of the following categories: knowledge…
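To make "role-based" concrete, here is an added example that is not the article's code: a knowledge factor (PBKDF2-hashed password) and a possession factor (RFC 6238 TOTP) built with the standard library only, with the set of factors a login must present chosen by the user's role. The role names, policy table, user records and password are constructed for the demonstration; the TOTP secret is the RFC 6238 reference secret so the codes can be checked against the published vectors.

```python
import hashlib
import hmac
import os
import struct

# Added example for the "Role-Based Multi-Factor Authentication" entry above;
# not code from the article. Roles, policy, users and password are constructed.

# Role policy: the set of factor names a successful login must present.
ROLE_FACTORS = {
    "admin": {"password", "totp"},   # privileged: knowledge + possession
    "viewer": {"password"},          # read-only: knowledge alone is accepted
}


def hash_password(password, salt=None):
    """Knowledge factor at rest: salted PBKDF2-HMAC-SHA256."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt, digest


def check_password(password, salt, digest):
    return hmac.compare_digest(hash_password(password, salt)[1], digest)


def hotp(secret, counter, digits=6):
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, at, step=30, digits=6):
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / step)."""
    return hotp(secret, int(at // step), digits)


def verify_totp(secret, code, at, window=1):
    """Accept the current step plus/minus `window` steps to absorb clock drift.

    Comparison is constant-time. A real deployment also stores the last
    accepted counter so a captured code cannot be replayed inside the window.
    """
    counter = int(at // 30)
    return any(hmac.compare_digest(hotp(secret, counter + d), code)
               for d in range(-window, window + 1))


# Constructed user store. The TOTP secret is the RFC 6238 reference secret.
_SALT, _DIGEST = hash_password("correct horse battery staple", salt=b"\x01" * 16)
USERS = {
    "alice": {"role": "admin", "salt": _SALT, "digest": _DIGEST,
              "totp_secret": b"12345678901234567890"},
    "bob": {"role": "viewer", "salt": _SALT, "digest": _DIGEST,
            "totp_secret": None},
}


def authenticate(username, password, totp_code, at):
    """Return True only if every factor the user's role demands verifies.

    Both factors are evaluated before the decision, so a failed login does not
    reveal through early return which factor was wrong.
    """
    user = USERS.get(username)
    if user is None:
        return False
    required = ROLE_FACTORS[user["role"]]
    results = {
        "password": check_password(password, user["salt"], user["digest"]),
        "totp": (user["totp_secret"] is not None and totp_code is not None
                 and verify_totp(user["totp_secret"], totp_code, at)),
    }
    return all(results[factor] for factor in required)
```

A role change (viewer promoted to admin) therefore tightens the login requirement without touching the authentication code, which is the property the title refers to.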
The Role of Data Brokers in Software Development: Navigating Ethics and Privacy Concerns
Unveiling Data Brokers Data brokers are entities that gather personal information from various sources, then process and organize it to later license to other organizations or individuals for marketing, risk mitigation, identity verification, and other purposes. The information data brokers…
Exploring the Comprehensive World of Burp Suite
Nowadays, with the prevalence of digital risks, it is crucial to make sure online applications are secure. To detect vulnerabilities and provide a strong defense against future cyberattacks, security testing is essential. Burp Suite is one of the many tools…
Remote Work Security Tips for Developers
Remote working arrangements are popular perks for developers. Many appreciate that they can do their jobs without daily commutes. Hiring managers and other decision-makers also like how remote work removes the geographical limitations of physical offices, making it possible to…
Securing Cloud Infrastructure: Leveraging Key Management Technologies
In today’s digital landscape, securing sensitive data has become more critical than ever. With cyber threats on the rise, organizations need robust solutions to protect their valuable information. This is where Key Management Systems (KMS) and Hardware Security Modules (HSM)…
API Governance: Ensuring Control and Compliance in the Era of Digital Transformation
In the dynamic landscape of digital transformation, where Application Programming Interfaces (APIs) serve as the backbone of connectivity and innovation, maintaining control and compliance becomes paramount. API governance, the set of policies, processes, and procedures for managing APIs, plays a…
DevSecOps: Bridging the Gap Between Speed and Security
In the ever-evolving landscape of software development, where speed and security often seem to be at odds, DevSecOps emerges as a pivotal strategy. It’s a methodology that integrates security practices within the DevOps process. As a Chief Architect with extensive…
SOC 2 Audits as a Pillar of Data Accountability
In a digitally-driven world where organizations are entrusted with increasing volumes of sensitive data, establishing trust and credibility is non-negotiable. Regular auditing and accountability play pivotal roles in achieving these goals. An audit is like a comprehensive health check that…
Secure Your Heroku Apps With SSL
If you’re building an application that needs to go toward production, you’ll undoubtedly need to serve it up securely with SSL. What that entails varies from provider to provider, and you’ll encounter differing levels of complexity (and cost) in getting…
The Impact of Biometric Authentication on User Privacy and the Role of Blockchain in Preserving Secure Data
Blockchain technology is a novel solution to privacy concerns and risks associated with the storage and maintenance of biometric data. Blockchain is a form of distributed ledger technology that shares infrastructure across several cybersecurity applications. It underlies cryptocurrencies such as…
The Future of Incident Response: SOAR’s Impact on Cybersecurity Defense
In February 2024, a slew of notable entities fell victim to cybercrime, ranging from UnitedHealth and the personal accounts of Axie Infinity’s co-founder to Hewlett Packard Enterprise, AnyDesk, and various French healthcare payment service providers like Viamedis and Almerys. Even…
Design Principles-Building a Secure Cloud Architecture
To navigate the digital landscape safely, organizations must prioritize building robust cloud infrastructures that serve as sanctuaries for their valuable data. The foundation of a secure cloud architecture requires steadfast principles and guiding decisions, like invisible forces that form a resilient structure.…
10 Commandments of API-First Development
In the realm of software development, Application Programming Interfaces (APIs) are akin to a magic glue that binds different systems together, allowing them to communicate and work in harmony. An API acts as the user interface for API consumers and…
The Power of AI: Building a Robust Data Ecosystem for Enterprise Success
As enterprises strive to produce results rapidly in a dependable and sustainable manner, the significance of the underlying data becomes paramount. A major challenge in managing this data is the diverse set of capabilities required within a data architecture. It’s…
Secure Your API With JWT: Kong OpenID Connect
Good Old History: Sessions Back in the old days, we used to secure web applications with sessions. The concept was straightforward: upon user authentication, the application would issue a session identifier, which the user would subsequently present in each subsequent…
Exploring Zero-Trust Architecture Implementation in Modern Cybersecurity
Cyber threats are growing more sophisticated, frequent, and damaging, with the average cost of a data breach now reaching $4.24 million, according to IBM’s 2021 report. Clearly, organizations need more robust cybersecurity protections in place, which is leading many to…
Rethinking DevOps in 2024: Adapting to a New Era of Technology
As we advance into 2024, the landscape of DevOps is undergoing a transformative shift. Emerging technologies, evolving methodologies, and changing business needs are redefining what it means to implement DevOps practices effectively. This article explores DevOps’s key trends and adaptations…
Initializing Services in Node.js Application
While working on a user model, I found myself navigating through best practices and diverse strategies for managing a token service, transitioning from straightforward functions to a fully-fledged, independent service equipped with handy methods. I delved into the nuances of…
Understanding the 2024 Cloud Security Landscape
With technology and data growing at an unprecedented pace, cloud computing has become a no-brainer answer for enterprises worldwide to foster growth and innovation. As we swiftly move towards the second quarter of 2024, predictions by cloud security reports highlight…
Building a Sustainable Data Ecosystem
Generative Artificial Intelligence (AI) has emerged as a transformative technology with vast potential for innovation across various sectors. However, the widespread adoption of generative AI raises significant concerns regarding privacy, fairness, and accountability, particularly in data sharing. This article explores…
Four Common CI/CD Pipeline Vulnerabilities
The continuous integration/continuous delivery (CI/CD) pipeline represents the steps new software goes through before release. However, it can contain numerous vulnerabilities for hackers to exploit. 1. Vulnerabilities in the Code Many software releases get completed on such tight time frames…
Elevate Your Security Posture: Grafana for Real-Time Security Analytics and Alerts
In the digital age, where data breaches and cyber threats loom large, ensuring the security of your digital assets is paramount. Businesses are in dire need of robust tools that not only detect threats in real time but also provide…
Cohesity Simplifies Data Management and Security for Developers
As a developer, engineer, or architect, managing and securing growing volumes of data across multiple environments can be a complex and time-consuming task. Cohesity, a leading data management company, recently presented at the 54th IT Press Tour, highlighting how their…
7 Essential Practices for Secure API Development
In the interconnected realm of modern software architecture, Application Programming Interfaces (APIs) are the fundamental building blocks that allow disparate systems, applications, and services to communicate with each other. They facilitate the exchange of data and functionality, enabling a seamless…
Navigating the Shift: Mastering Pod Security in Kubernetes
In the rapidly evolving landscape of Kubernetes, security remains at the forefront of concerns for developers and architects alike. Kubernetes 1.25 brings significant changes, especially in how we approach pod security, an area critical to the secure deployment of applications.…
How Secure Cloud Development Replaces Virtual Desktop Infrastructures
Why Do Organizations Need Secure Development Environments? The need to secure corporate IT environments is common to all functions of organizations, and software application development is one of them. At its core, the need for securing IT environments in organizations…
OWASP Top 10 Explained: SQL Injection
Cyberattacks are a common and permanent threat. This paper is the first in a series about cybersecurity. The aim is to provide software engineers with an understanding of the main threats and how to address them. Most exploits are based…
When a Data Mesh Doesn’t Make Sense for Your Organization
Hype is a funny thing. Sometimes you find yourself in a Godfather Part 2 situation where the hype is totally justified. You hear about it. You try it. Life is changed. Hooray! Other times, you find yourself in more of…
Beyond the Call: AI and Machine Learning’s Role in Evolving Vishing Cyber Threats
Vishing, a fusion of “voice” and “phishing,” represents a sophisticated social engineering tactic that leverages telephonic communication to extract sensitive personal or administrative information. Though not a novel concept, historical instances underscore the enduring efficacy of vishing in breaching security…
Seamless Integration: Connecting AWS Lambda to RDS and Writing Data Effortlessly
Connecting AWS Lambda to an AWS RDS instance allows you to build serverless applications that can interact with relational databases, thereby enabling you to manage database operations without provisioning or managing servers. This comprehensive guide walks you through the process…
Solix Empowers the Data-Driven Enterprise With Comprehensive Data Management and Integration Solutions
Solix, a leading provider of data management and integration solutions, recently presented to the 54th IT Press Tour, sharing insights into how their solutions can help developers, engineers, and architects organize enterprise data and optimize infrastructure. With a mission “to…
Introduction to Modern Data Stack
The modern data stack represents the evolution of data management, shifting from traditional, monolithic systems to agile, cloud-based architectures. It’s designed to handle large amounts of data, providing scalability, flexibility, and real-time processing capabilities. This stack is modular, allowing organizations…
Setup With Pritunl
Overview This documentation provides a comprehensive guide to setting up a Virtual Private Network (VPN) server using Pritunl, a popular open-source VPN server management platform. By following these steps, users can establish a secure and private network infrastructure suitable for…
Mitigating Adversarial Attacks: Strategies for Safeguarding AI Systems
Artificial intelligence (AI) offers transformative potential across industries, yet its vulnerability to adversarial attacks poses significant risks. Adversarial attacks, in which meticulously crafted inputs deceive AI models, can undermine system reliability, safety, and security. This article explores key strategies for…
Incident Management: Checklist, Tools, and Prevention
What Is Incident Management? Incident management is the process of identifying, responding to, resolving, and learning from incidents that disrupt the normal operation of a service or system. An incident can be anything from a server outage, a security breach, a…
Decrypting the Future: Unveiling Questions on AI’s Role in Cybersecurity
According to a report by MarketsandMarkets, the global AI in cybersecurity market is projected to skyrocket from $8.8 billion in 2020 to an estimated $38.2 billion by 2026, marking a staggering 23.3% compound annual growth rate during the forecast period.…
iOS Application Security for Beginners
This article provides a brief overview of techniques that can be used in your mobile iOS application to keep it secure enough for the vast majority of cases. If you are a junior or mid-level iOS developer and have not…
Cybersecurity in the Cloud: Integrating Continuous Security Testing Within DevSecOps
Cloud computing has revolutionized software organizations’ operations, offering unprecedented scalability, flexibility, and cost-efficiency in managing digital resources. This transformative technology enables businesses to rapidly deploy and scale services, adapt to changing market demands, and reduce operational costs. However, the transition…
Ensuring Security and Compliance: A Detailed Guide to Testing the OAuth 2.0 Authorization Flow in Python Web Applications
Creating an OAuth 2.0 Authorization Server from scratch involves understanding the OAuth 2.0 framework and implementing its various components, such as the authorization endpoint, token endpoint, and client registration. In this detailed guide, we’ll walk through building a simple OAuth…
Unpacking Our Findings From Assessing Numerous Infrastructures (Part 2)
When superior performance comes at a higher price tag, innovation makes it accessible. This is quite evident from the way AWS has been evolving its services: gp3, the successor of gp2 volumes: Offers the same durability, supported volume size, max IOPS…
Secure Your API With These 16 Practices With Apache APISIX (Part 2)
Last week, we listed 16 practices to help secure one’s APIs and described how to implement them with Apache APISIX. Authentication: Verifies the identity of users accessing APIs. Authorization: Determines permissions of authenticated users. Data Redaction: Obscures sensitive data for…
Guarding the Gates of GenAI: Security Challenges in AI Evolution
Generative AI (GenAI) represents a significant leap in artificial intelligence, enabling the creation of novel and realistic data, from text and audio to images and code. While this innovation holds immense potential, it also raises critical concerns regarding data security…
Integrating Software Supply Chains and DevOps: Tips for Effectively Reconciling Supply Chain Management and DevOps
Editor’s Note: The following is an article written for and published in DZone’s 2024 Trend Report, The Modern DevOps Lifecycle: Shifting CI/CD and Application Architectures. Software supply chains (SSCs) have become a prevalent topic in the software development world, and for…