Tag: DZone Security Zone

To patch the Exchange Servers against known threats and fix bugs and vulnerabilities, Microsoft releases Cumulative and Security updates on a regular basis. These updates also provide new features, security patches, and various other fixes. Usually, the installation of these…

Read more →

As the cybersecurity landscape continues to evolve, the challenges associated with defending against cyber threats have grown exponentially. Threat vectors have expanded, and cyber attackers now employ increasingly sophisticated tools and methods. Moreover, the complexity of managing security in today’s…

Read more →

In the constantly shifting realm of cybersecurity, remaining ahead of emerging threats is no longer merely an aspiration but an imperative. With cyber adversaries continuously enhancing their skills and tenacity, businesses are progressively embracing cutting-edge technologies and inventive tactics to…

Read more →

“Mobile is becoming not only the new digital hub but also the bridge to the physical world.”– Thomas Husson, VP and Principal Analyst at Forrester Research Mobile devices have become an inevitable part of organizations’ strategies to do more with…

Read more →

September marks National Insider Threat Awareness Month (NITAM), an annual campaign dedicated to shedding light on the risks posed by trusted insiders. Whether employees, contractors, partners, or collaborators, these authorized individuals have the potential to intentionally or accidentally cause significant…

Read more →

In today’s increasingly digital world, securing your applications has become paramount. As developers, we must ensure that our applications are protected from unauthorized access and malicious attacks. One popular solution for securing Java applications is Spring Security, a comprehensive and…

Read more →

Privacy by Design (PbD) is an approach to systems engineering that aims to embed privacy into every stage of the development process and across the entire organization from day one. Privacy is too often overlooked or solely an afterthought. Policies…

Read more →

On August 21, 2023, security researcher and HackerOne Advisory Board Member Corben Leo announced on social media that he had “hacked a car company” and went on to post a thread explaining how he “gained access to hundreds of their codebases.”…

Read more →

Emerging technologies are unlocking new possibilities for gathering and leveraging data from personal devices to provide highly customized and contextualized user experiences. As Dr. Poppy Crum, CTO, and neuroscientist, highlighted in her Technology and Human Evolution presentation at TIBCO Next,…

Read more →

As businesses shift operations to the cloud, robust security is crucial. DDoS attacks pose significant threats to cloud-based services, aiming to disrupt infrastructure and cause downtime and financial losses. AWS Shield from Amazon Web Services provides comprehensive DDoS protection, fortifying…

Read more →

Developing secure APIs is crucial, but testing them thoroughly can be time-consuming and difficult without the right tools. A new offering called CodeSec from application security provider Contrast Security aims to make robust API security testing quick, accurate, and accessible…

Read more →

Gradle version catalogs allow us to add and maintain dependencies in an easy and scalable way. Apps grow, and managing projects with several development teams increases the compilation time. One potential solution to address this issue involves segmenting the project…

Read more →

When choosing a user authentication method for your application, you usually have several options: develop your own system for identification, authentication, and authorization, or use a ready-made solution. A ready-made solution means that the user already has an account on…

Read more →

In today’s digitally interconnected world, software plays an integral role in our daily lives. From online banking and e-commerce to healthcare and transportation, software applications are at the heart of our technological infrastructure. However, with the increasing reliance on software,…

Read more →

Enterprise security teams have had since 2015 to familiarize themselves with GraphQL API security. But many — if not most — still haven’t captured the security nuances of the popular open-source query language. Simply understanding GraphQL’s processes and vulnerable attack…

Read more →

At Black Hat 2023, Kemba Walden, Acting National Cyber Director at the White House, outlined a new national cybersecurity strategy aimed at strengthening defenses through workforce development and technology initiatives. For developers and technology professionals, this strategy has major implications,…

Read more →

In the constant struggle between security and agility, developers often draw the short straw. Tasked with rapidly building and deploying code, engineers get bogged down handling security incidents or remediating vulnerabilities. The friction between creating quickly and creating securely slows…

Read more →

Agile software development has transformed how software is created and delivered. It fosters collaboration, flexibility, and quick development cycles, making it appealing to many teams. However, Agile’s numerous advantages come with specific cybersecurity risks that developers must address. In this…

Read more →

In today’s interconnected society, the Internet of Things (IoT) has seamlessly integrated itself into our daily lives. From smart homes to industrial automation, the number of IoT devices continues to grow exponentially. However, along with these advancements comes the need…

Read more →

On July 11, 2023, Microsoft released details of a coordinated attack from threat actors, identified as Storm-0558. This state-sponsored espionage group infiltrated email systems in an effort to collect information from targets such as the U.S. State and Commerce Departments.…

Read more →

Tokens are essential for secure digital access, but what if you need to revoke them? Despite our best efforts, there are times when tokens can be compromised. This may occur due to coding errors, accidental logging, zero-day vulnerabilities, and other…

Read more →

Identity and access management (IAM) is fundamental to modern cybersecurity and operational efficiency. It allows organizations to secure their data, comply with regulations, improve user productivity, and build a strong foundation for trustworthy and successful business operations. A robust IAM…

Read more →

In today’s interconnected global marketplace, secure data transmission is more crucial than ever. As digital platforms become increasingly important for financial transactions and personal communications, ensuring the integrity and confidentiality of data is vital. If someone gets unauthorized access to…

Read more →

In the face of ever-changing threats and complex infrastructures, the zero-trust architecture represents an important transformation in our understanding and implementation of security. This innovative approach promises not only increased protection but also increased adaptability and efficiency in infrastructure management.…

Read more →

In today’s digital landscape, data privacy and accurate analytics are paramount for businesses striving to make informed decisions. Google Analytics 4 (GA4) brings a new dimension to data privacy and tracking methods, including cookie-less tracking and server-side tracking.  Growing worries…

Read more →

Code scanning for vulnerability detection for exposure of security-sensitive parameters is a crucial practice in MuleSoft API development.  Code scanning involves the systematic analysis of MuleSoft source code to identify vulnerabilities. These vulnerabilities could range from hardcoded secure parameters like…

Read more →

MQTT is a lightweight messaging protocol commonly used in IoT (Internet of Things) applications to enable communication between devices. As a popular open-source MQTT broker, EMQX provides high scalability, reliability, and security for MQTT messaging. By using Terraform, a widespread…

Read more →

MQTT is a lightweight messaging protocol used in the Internet of Things (IoT) to enable communication between devices. As a popular open-source MQTT broker, EMQX provides high scalability, reliability, and security for MQTT messaging. By using Terraform, a widespread Infrastructure…

Read more →

Starters are an integral part of the Spring Boot application. In addition to dependency versioning, they provide the ability to describe the configuration for a particular functionality. They gained their popularity due to the development of microservice architecture. When we…

Read more →

SaaS applications and services are at the core of today’s businesses, and a quick glance at the market indicates that this trend isn’t going to stop anytime soon. Gartner forecasts that SaaS spending will reach $197 billion in 2023, up…

Read more →

The Microsoft OpenXML files we use on a day-to-day basis are conveniently designed to be accessed and manipulated programmatically. We can jump into any OpenXML file structure in a variety of capacities (usually via specialized programming libraries or APIs) to…

Read more →

Previous Articles Volume 1 Volume 2 Volume 3 Volume 4 Volume 5 Volume 6 Volume 7 Volume 8 Volume 9 Volume 10 Volume 11 Volume 12 Topics Topic 1: Diagnose certificate-based authentication Topic 2: Differences between cockroach and psql clients…

Read more →

Since most security administrators have little insight into cloud-to-cloud connections, monitoring and protecting data throughout these communications is challenging. This article will examine the issue and potential remedies.  What Exactly Is a ‘Plug-In’ in a SaaS System? A plug-in SaaS…

Read more →

Over the past several years, Zero Trust Architecture (ZTA) has gained increased interest from the global information security community. Over the years, several organizations have adopted Zero Trust Architecture (ZTA) and experienced considerable security improvements. One such example is Google,…

Read more →

As the global community grapples with the urgent challenges of climate change, the role of technology and software becomes increasingly pivotal in the quest for sustainability. There exist optimization approaches at multiple levels that can help: Algorithmic efficiency: Algorithms that…

Read more →

In the rapidly evolving landscape of healthcare, Artificial Intelligence (AI) has emerged as a transformative force, promising to reshape the industry with its potential to improve diagnostics, personalize patient care, and streamline administrative tasks. AI Chatbots, like the UK-based Babylon…

Read more →

Are you looking to develop dynamic and secure web applications? If so, then C# (pronounced as “C sharp”) is a powerful programming language that can meet your requirements.  C# is widely used in web development due to its versatility, performance,…

Read more →

Data migration can be challenging due to the need to merge data from multiple sources into one consolidated new system, which can be both risky and time-consuming.  These issues can arise due to a lack of proper planning, inadequate migration…

Read more →

The failure to provide adequate security for software releases and delivery is becoming costlier day by day, and the impact is enormous: business disruption, lost sales, damaged reputations, frustrated users, and more. Security breaches can happen within any stage of…

Read more →

In this 15-minute lightning talk, Diptesh “Dips” Mishra, CTO for Shoal (a Standard Chartered Venture) talks about the governance challenges that financial services organizations face when they look to adopt DevSecOps. Dips has worked for Nationwide, Lloyds Banking Group, and…

Read more →

When enterprises select a SaaS provider for mission-critical applications, they are placing a bet on that product and vendor. Smart customers understand that they must minimize risks to their security and their business. Not surprisingly, many CISOs and security organizations…

Read more →

Istio’s virtual services and destination rules help DevOps engineers and cloud architects apply granular routing rules and direct traffic around the mesh. Besides, they provide features to ensure and test network resiliency so that applications operate reliably. In this article,…

Read more →

Single sign-on is a feature that allows users to access more than one application with the same credentials. This article shows how we can configure SSO using the WSO2 Identity Server. There is a cab company called Pickup that has…

Read more →

It’s a common belief among AWS users that Northern Virginia, also known as US East or N. Virginia (US-East-1), is the region with the least reliability when it comes to uptime. To verify this, we analyzed the AWS outage history…

Read more →

Maria Markstedter, founder of Azeria Labs and security researcher specialized in mobile and IoT security, was the opening keynote at BlackHat 2023 — Guardians of the AI Era: Navigating the Cybersecurity Landscape of Tomorrow. Markstedter provided an enlightening look at…

Read more →

HTTP headers are essential elements in the communication between clients (e.g., web browsers) and servers on the internet. They contain metadata, which is additional information about the client or the request being made. These headers allow clients and servers to…

Read more →

In the world of modern software development, meticulous monitoring and robust debugging are paramount. With the rise of reactive programming paradigms, Spring WebFlux has emerged as a powerful framework for building reactive, scalable, and highly performant applications. However, as complexity…

Read more →

In this post, we will learn about the steps involved in the process of configuring an HTTPS endpoint with one-way SSL for a Mule Application. Securing communication between clients and servers is essential in today’s digital world, and using HTTPS…

Read more →

The software supply chain has emerged as a prime target for cyberattacks in recent years, as evidenced by major incidents like SolarWinds and Log4Shell. To understand how IT teams can get ahead of supply chain threats, I spoke with two…

Read more →

Android app modularization refers to the process of breaking down an Android app into smaller, independent modules. These modules can be thought of as building blocks that can be combined to form the complete app. Each module is typically responsible…

Read more →

Privileged access management (PAM) is critical for securing sensitive systems and data, especially with remote work’s expanded attack surface. However, recent research by Keeper Security reveals significant barriers still inhibit broad PAM adoption. Cost and complexity top the list of…

Read more →

Our ever-increasing reliance on technology has made software security more crucial than ever. Business owners and individuals use software every day, and that isn’t changing any time soon.  Developers are responsible for creating software that can stand up against a…

Read more →

Time and again, we encounter stark reminders that every piece of software, no matter how widespread its use or how thoroughly it is reviewed, has the potential to harbor security vulnerabilities. A recent case in point is a security flaw…

Read more →

Everywhere you turn, data security is a major challenge for several organizations. This makes it difficult to ensure that data is reliable and accurate for use. This is why organizations must now take data preservation more seriously than they ever…

Read more →

APIs are the digital fabric connecting companies, partners, and customers. But increased reliance on APIs also introduces new security risks. I recently spoke with Michelle McLean, VP of Marketing at API security provider Salt Security during Black Hat 2023 about…

Read more →

We all know that data is being generated at an unprecedented rate. You may also know that this has led to an increase in the demand for efficient and secure data storage solutions that won’t break the bank. Edge data…

Read more →

In this article, we will discuss JWT Authentication in Angular 14 step-by-step. If you want to learn the basics and details of the JWT Token, then check out this article.  This article has been indexed from DZone Security Zone Read…

Read more →

In the rapidly evolving world of technology, software applications have become the backbone of modern society. From mobile apps that streamline our daily tasks to web-based platforms that connect us globally, these applications rely on seamless communication and data exchange.…

Read more →

Security and governance are two major blockers that either stop or delay the cloud journey of various customers. In this era of the digital world, almost everyone has shown their concerns about the security of their data. Some are concerned…

Read more →

A recent interview with Island’s founding team member Brian Kenyon at Black Hat 2023 sheds light on how the enterprise browser is poised to become a powerful platform for secure remote work. Island offers a version of the Chromium open-source…

Read more →

One of the most widely held misconceptions is that authorization and authentication are the same, or something your identity provider does. It also doesn’t help that certain authentication vendors blur the line by offering their versions of access controls. But,…

Read more →

A secret is any piece of information that you want to keep confidential, such as API keys, passwords, certificates, and SSH keys. Secret Manager systems store your secrets in a secure, encrypted format, and provide you with a simple, secure…

Read more →

As an average user, choosing the right software can be a challenge. However, how you deploy the software can make a significant difference in its effectiveness. The process of deploying software involves making a tool ready for use in a…

Read more →

Istio service mesh helps DevOps engineers and architects manage the network and security of distributed applications without touching the application code. In a previous blog, we explained How to get started with Istio in Kubernetes in 5 steps, where Istio’s…

Read more →

In this article, we are going to discuss JWT Token authentication and implementation using .NET Core API 6. Before looking into this blog, visit my previous blog: Introduction and Details about JWT Token Authentication and Authorization, to understand the basics…

Read more →

The urgency of securing vulnerable software infrastructure is at the heart of an ambitious new DARPA program — the AI Cyber Challenge (AIxCC). Through competitions engaging top security talent, AIxCC aims to spur innovative tools that automatically detect and patch…

Read more →

Our previous articles of this series explored various methods to safeguard IoT devices from cyberattacks, including encryption, authentication, and security protocols. However, it is crucial to acknowledge that regular updates and maintenance are equally vital to ensure the ongoing security…

Read more →

Although they are often conflated with each other, Authentication and Authorization, represent two fundamentally different aspects of security that work together in order to protect sensitive information. In this blog, we will go over some of the key differences between…

Read more →

Richmond, Virginia, has a vibrant and storied history. While Edgar Allan Poe is more associated with Baltimore, he actually grew up in Richmond, home to the Edgar Allan Poe Museum. Richmond was also home to Maggie Lena Walker, the first…

Read more →

Enterprises nowadays are keen on adopting a microservices architecture, given its agility and flexibility. Containers and the rise of Kubernetes — the go-to container orchestration tool — made the transformation from monolith to microservices easier for them. However, a new…

Read more →

In this article, we are going to discuss JWT Token authentication and implementation using .NET Core API 6. Before looking into this blog, visit my previous blog: Introduction and Details about JWT Token Authentication and Authorization, to understand the basics…

Read more →

Cloud security is a top priority for several organizations right now; no doubt about that. However, many companies still find themselves grappling in the dark when it comes to implementing effective cloud security controls. This article addresses challenges businesses might…

Read more →

If there’s one thing nearly all contemporary, interactive client-side web applications have in common, it’s a reliance on dynamic user-facing text input fields. These fields play the all-important role of capturing plain text data from client-side browsers and sharing that…

Read more →

ESXi hosts are the backbone of virtualization, serving as the foundation for running virtual machines and managing critical workloads and as such, ensuring the security of ESXi hosts is paramount to protect the entire virtual infrastructure. As virtualization technology continues…

Read more →

To say that the RSA Conference is one of the largest cybersecurity conventions in the world would be an understatement. This year the event attracted 40,000 participants. Tens of thousands of individuals showed up to learn about the latest updates…

Read more →

Deception technology is a cybersecurity tactic that involves setting traps for potential intruders with fabricated versions of valuable assets. An organization’s security teams are alerted when cybercriminals are lured by this method.  This approach shortens the time required to detect…

Read more →

Data engineers discovered the benefits of conscious uncoupling around the same time as Gwyneth Paltrow and Chris Martin in 2014.  Of course, instead of life partners, engineers were starting to gleefully decouple storage and compute with emerging technologies like Snowflake…

Read more →

The rapid adoption of cloud computing is no coincidence. Small and medium-sized businesses (SMBs) businesses are now presented with the opportunity to break free from the constraints of traditional IT infrastructure and enjoy the numerous benefits the cloud has to…

Read more →

In an increasingly interconnected world, the need for robust cybersecurity infrastructure resilience is now more critical than ever. Cyberattacks pose significant threats to nations, businesses, and individuals alike, with potentially devastating consequences. It is in this context that we can…

Read more →

We discussed the fundamentals of EVM, the need for EVM compatibility, and the general benefits in part I of the EVM compatibility chronicles. Now, let’s delve into and explore the significance of EVM compatibility for Humanode, and gain insights directly from MOZGIII,…

Read more →

Kubernetes has made it easier to manage containerized microservices at scale. However, you get a limited set of security features with Kubernetes. A key component of application security is the prevention of unauthorized access. Standards-based identity and access management (IAM)…

Read more →

When I was a teenager, our local telephone company introduced a new service — the premium phone calls (AKA 1-900 numbers). The fun part was that we discovered a workaround to these charges by dialing the sequential local numbers, which…

Read more →

Modern software demands speed, security, and scale. Ultraviolet is meeting these needs through a developer-focused approach that multiplies productivity while reducing complexity. At BlackHat 2023, Ultraviolet CTO Jake Groth outlined how the company leverages microservices, “as code” methodologies, and developer-created…

Read more →

Web development is a pillar of contemporary commercial success in the digital world. How a website functions and appears directly influences user experience and, consequently, a company’s triumph in the competitive online realm. Web developers hold the keys to maximizing…

Read more →

In today’s fast-paced software development landscape, organizations need to provide their internal development teams with the tools and infrastructure necessary to excel. Internal developer platforms have emerged as a powerful solution that enables companies to streamline their software development processes…

Read more →

Dive deep into the DevOps world and explore the best practices that can help organizations achieve success in their release processes! Software development and operations have become increasingly intertwined in today’s fast-paced and technology-driven world. DevOps has emerged as a…

Read more →

Security continues to be one of the most important aspects of web3. As a developer, you should be securing your smart contracts by ensuring that testing — specifically a wide variety of testing — is integrated into your smart contract…

Read more →

When exposing an application to the outside world, consider a Reverse-Proxy or an API Gateway to protect it from attacks. Rate limiting comes to mind first, but it shouldn’t stop there. We can factor many features in the API Gateway…

Read more →

Infrastructure as Code (IaC) has emerged as a pivotal practice in modern software development, enabling teams to manage infrastructure resources efficiently and consistently through code. This analysis provides an overview of Infrastructure as Code and its significance in cloud computing…

Read more →

Increasing adoption of SaaS Applications and Web Based solutions created a demand for data and resource sharing. Cloud computing provides a combination of infrastructure, platforms, data storage, and software as services. It has replaced grid computing over the years and…

Read more →

Many companies strive to adopt the DevOps approach for software development and delivery. Alongside this, they face increasing security challenges, leading to the implementation of new innovative software development methods. The need for security in the software deployment process is…

Read more →

Cybersecurity threats are real, and with the enhanced proliferation of digitization in the business landscape today, websites have become an integral part of business communication with customers and partners. Therefore, companies look for new and secure ways to protect their…

Read more →

We all want to deliver quality experiences to our customers. Before we can ensure a quality experience for our customers, it is essential to establish a clear definition of quality specific to the product we are developing. Once established, embracing…

Read more →

In the video below, we will cover real-life considerations when working with dependencies in Java: How to find and trust the right dependencies How to consistently keep them updated How to protect against vulnerabilities How to handle team backlash against…

Read more →

A robust digital presence is essential in today’s business landscape. Web development evolves constantly with new frameworks and libraries for dynamic web applications. These platforms connect with your audience and boost business productivity. Embracing these advancements is vital for success…

Read more →

In recent years, cloud computing has emerged as a game-changer for businesses of all sizes. The ability to store and access data and applications over the internet has revolutionized the way companies operate, enabling them to be more agile, efficient,…

Read more →

Welcome to the world of Javascript development, where building, testing, and deploying applications can be complex and time-consuming. As developers, we strive to automate these tasks as much as possible, and that’s where npm scripts come in. npm scripts are…

Read more →

In today’s data-driven world, Customer Data Platforms (CDPs) play a pivotal role in helping businesses harness and utilize customer data effectively.   These platforms consolidate data from various sources, providing valuable insights into customer behavior and preferences. They enable businesses to comprehensively understand their customers, facilitating targeted marketing…

Read more →

Consistently in the top rankings of the TIOBE index for the past two decades, and with a current TIOBE ranking of 4, Java has proved to be one of the most popular programming languages even after more than 25 years…

Read more →

In today’s constantly evolving digital landscape, staying ahead of the competition requires organizations to innovate continuously. Additionally, delivering high-quality software at an accelerated pace has become essential. This is where DevOps comes into play. DevOps, short for Development and Operations,…

Read more →