Tag: DZone Security Zone

Software supply chain security is a threat area that was popularized by SolarWinds and Log4j. For the first time there was widespread awareness of how exploiting popular software artifacts (libraries, frameworks, etc.) can give hackers entry, where they can then…

Read more →

Platform teams are an integral part of an IT solution delivery organization.  Every IT organization has a way of structuring its platform team based on its context and multiple considerations, including alignment with the Development or Operations of other units,…

Read more →

With the ever-increasing amount and variety of data, constantly growing regulations and legislation requirements, new capabilities and techniques to process the data, to become a data-driven organization, CIBC goes through enormous changes in all aspects of leveraging, managing, and governing…

Read more →

On March 20th, 2023, OpenAI took down the popular generative AI tool ChatGPT for a few hours. It later admitted that the reason for the outage was a software supply chain vulnerability that originated in the open-source in-memory data store…

Read more →

The universe of web improvement has gone through a beautiful development since its initial days during the commencement of the web. The method involved with creating and overseeing sites and online applications has gone through astounding progressions, molding the computerized…

Read more →

There have been major advances made in the use of machine learning models in a variety of domains, including natural language processing, generative AI, and autonomous systems, to name just a few. On the other hand, as the complexity and…

Read more →

Choosing the right data solution for your business can be a challenging process because there’s a wide selection of them, and even the same data can be processed and packaged differently. I’m here to help you understand when you should…

Read more →

As businesses aim to provide personalized experiences to their customers, they are increasingly integrating connected IoT devices into their operations. However, as the IoT ecosystem expands, protecting data from malicious individuals who may try to access and misuse personal information…

Read more →

OpenTelemetry (OTel) is an open-source standard used in the collection, instrumentation, and export of telemetry data from distributed systems. As a framework widely adopted by SRE teams and security teams, OTel is more than just one nice-to-have tool among many;…

Read more →

Nowadays, most people take it as a fact that the software we use daily is secure, and that is not really representative of the reality we live in in the software industry. A lot of the software on the market…

Read more →

Running tests is the necessary evil. I have never heard two or more engineers at the water cooler talking about the joys of test execution. Don’t get me wrong, tests are great; you should definitely have plenty of them in…

Read more →

With the COVID-19 outbreak, the e-commerce industry experienced significant growth, as the demand for online sales increased exponentially. With the decrease in live sales, multiple organizations, which ignored the online world or just hadn’t prioritized this marketing and sales channel…

Read more →

In the dynamic environment of software development, effective management of dependencies between pull requests (PRs) is pivotal to enabling smooth collaboration and seamless code integration.  But let’s face it, juggling dependencies manually can be a real challenge! This article has…

Read more →

If you work in software development, or indeed within any sector of the technology industry, you will have undoubtedly been part of discussions about, read headlines on, or even trialed a platform for generative artificial intelligence (AI). Put simply, this…

Read more →

The hype around blockchain technologies may have quieted, but the builders are still building. The toughest technical problems that kept blockchain from mass adoption over the past few years—slow and expensive transactions—are being solved by layer 2s. zkEVMs, and Linea…

Read more →

If we look at the banking market (7.5 trillion euro in 2022) and insurance ($5.6 trillion in 2022) applications, we will find it very regulative. Responsibility to act with personal data securely leads many companies to have a private cloud…

Read more →

Understanding the Need for Enhanced Security and Compliance In today’s digital world, data security, and privacy have become top priorities for businesses. With the increasing threat of cyberattacks and data breaches, it’s no longer enough to rely on traditional security…

Read more →

Amidst the rapid advancements in the utility and energy industry, where demands continually escalate, the role of IT operations has grown significantly, requiring enhanced capabilities to ensure seamless operations. The global IT operations and service management market is expected to…

Read more →

This article delves into additional authentication methods beyond those covered in previous articles. Specifically, we will explore token-based authentication and OAuth 2.0, explaining their concepts and demonstrating their implementation in MQTT. This article has been indexed from DZone Security Zone…

Read more →

Introduction to Biometrics Biometrics measures and analyses an individual’s physical and behavioral characteristics. It is a technology used for proper identification and access control of people under surveillance. The theory of biometric authentication is that everybody can be accurately identified…

Read more →

The importance of secure web applications can never be overstated. Protecting sensitive user data and making sure proper authentication is in place are essential whether you’re creating a straightforward blog or a sophisticated corporate solution. This is where the potent…

Read more →

In previous posts, we introduced that through the Username and Password fields in the MQTT CONNECT packet, we can implement some simple authentication, such as password authentication and token authentication. This article will delve into a more advanced authentication approach…

Read more →

I have already described how to secure a Spring Boot 2-based REST API with Keycloak here. Today, I would like to create a separate text with the same topic but for Spring Boot 3 — a newer, shiner version of…

Read more →

Veteran engineers likely remember the days of early software development, when software releases were delayed until they included all desired code complete features. This method resulted in extremely long wait times for users, not to mention security concerns and errors…

Read more →

In today’s world, databases are valuable repositories of sensitive information, and attackers are always on the lookout to target them. This has led to a rise in cybersecurity threats, making it essential to have proper protection measures in place. Oracle…

Read more →

The digital-first era has undoubtedly broadened the horizons of possibilities but has eventually increased the threat vector and created new vulnerabilities.  Whether we talk about phishing attacks or modern brute-force attacks where individuals’ identities are compromised, ignoring the importance of…

Read more →

Data Platform Evolution Initially, data warehouses served as first-generation platforms primarily focused on processing structured data. However, as the demand for analyzing large volumes of semi-structured and unstructured data grew, second-generation platforms shifted their attention toward leveraging data lakes. This resulted in…

Read more →

In previous articles, we explored authentication and access control mechanisms. Now it’s time to shine a light on the crucial role of Transport Layer Security (TLS) in fortifying MQTT communication. This article will focus specifically on TLS and its ability…

Read more →

Most folks managing or working within a DevOps organization are already familiar with the book “Accelerate” and DevOps Research and Assessment, commonly abbreviated as DORA, metrics. For those who are not familiar or just need a quick refresher, DORA metrics…

Read more →

Automated CI/CD (continuous integration/continuous delivery) pipelines are used to speed up development. It is awesome to have triggers or scheduling that take your code, merge it, build it, test it, and ship it automatically. However, having been built for speed…

Read more →

Secure code review is essential for ensuring software applications’ security and integrity. By examining the codebase for potential vulnerabilities and weaknesses, developers can identify and address security issues before malicious actors exploit them. This article will discuss some best practices…

Read more →

When we say DevOps, it quickly conjures up an image of a development and operations team that works together — collaboratively and communicatively. DevOps uses tools like automation, continuous integration, and monitoring. This way, the software development process picks up speed and…

Read more →

DevOps security is a set of practices that integrate security processes, people, and DevOps security tools into the development pipeline, enabling organizations to deliver software in a secure environment continuously. Whether you call it DevSecOps, network security, cyber security, DevOps and…

Read more →

Traditionally, security was often an afterthought in the software development process. The security measures were implemented late in the cycle or even after deployment. DevSecOps aims to shift security to the left. In DevSecOps, security is incorporated from the earliest…

Read more →

Amazon Web Services (AWS) provides a robust and scalable cloud computing platform that is widely adopted by organizations. However, with the increasing reliance on AWS services, ensuring proper security measures is crucial to protect sensitive data and maintain the integrity…

Read more →

Welcome back, developers and security enthusiasts! In the previous blog, “Implementing RESTful endpoints: a step-by-step guide,” we covered the essential foundations of API security, including authentication, authorization, and secure communication protocols. Now, it’s time to level up and delve into advanced…

Read more →

APIs are everywhere, and in most cases, we don’t give them much thought, even when using them multiple times a day. Whenever you log into a website using your Google or Facebook account, check the location of a new restaurant…

Read more →

AWS Vault is an open-source tool by 99Designs that enables developers to store AWS credentials in their machine keystore securely. After using it for a while at Jit, I decided to dig deeper into how it works and learned a…

Read more →

As the digital revolution reshapes government operations worldwide, Application Programming Interfaces (APIs) have emerged as a critical tool in driving digital transformation. Through APIs, governments can ensure smoother interoperability between various systems, facilitate data sharing, and innovate public services. Here,…

Read more →

The rise of cloud computing and SaaS (Software as a Service) has dramatically reshaped the digital landscape, offering companies numerous benefits like scalability, cost-efficiency, and flexibility. In fact, the five largest SaaS companies in the U.S. have a combined market…

Read more →

Angular v16, the latest major release of the Angular framework, introduces a number of exciting new features and improvements. These features are designed to make Angular development more efficient, scalable, and secure. Rethinking Reactivity One of the most significant changes…

Read more →

Kubernetes (also called K8s) remains the most in-demand container for developers. Originally developed by engineers at Google, K8s has achieved global fame as the go-to solution for hosting across on-premise, public, private, or hybrid clouds. Insights from Statista show the…

Read more →

As enterprise cloud storage solutions steadily gain momentum across global markets, the anti-virus and malware security policies deployed to protect these pay-per-scale services become more and more robust. Naturally, the taller the castle wall becomes, the higher the siege ladder…

Read more →

Introduction Cloud databases are the future of data storage and management. With the advancement of technology, businesses and organizations have recognized the need to store data on the cloud. The cloud database is a type of database that is stored…

Read more →

Last week, we described the concept behind sticky sessions: you forward a request to the same upstream because there’s context data associated with the session on that node. However, if necessary, you should replicate the data to other upstreams because…

Read more →

In the fast-paced world of software development, DevSecOps principles have emerged as a crucial approach for organizations to streamline their software delivery processes, improve collaboration between teams, and achieve faster time-to-market. In this context, the DevSecOps Research and Assessment (DORA)…

Read more →

Kubernetes is an open-source container orchestration platform that automates the deployment, scaling, and management of containerized applications. It has gained popularity among developers and enterprises for its ability to provide a scalable, reliable, and efficient infrastructure for deploying modern applications.…

Read more →

Microservices architectures have gained popularity due to their scalability, agility, and flexibility. However, with these architectures’ increased distribution and complexity, ensuring robust security measures becomes paramount. The security of microservices extends beyond traditional approaches, requiring a comprehensive strategy to protect…

Read more →

The requirement for monitoring, identifying harmful behaviors, and preventing or notifying of these activities is growing quickly as the number of malicious insider and external attacks rises. The threat landscape is constantly changing, making strong security monitoring and detection solutions…

Read more →

In today’s fast-paced digital landscape, ensuring the security of software applications is of paramount importance. Traditional software security practices often involve cumbersome and time-consuming processes that hinder productivity and hinder the rapid deployment of applications. That’s where DevSecOps comes in.…

Read more →

In today’s rapidly evolving digital landscape, cloud-native applications have become the backbone of many organizations, offering scalability, flexibility, and agility. However, as the reliance on cloud-native technologies grows, so does the need for robust security measures to protect these applications…

Read more →

RESTful APIs have become a crucial component of modern web development, providing a way to interact with resources and data through a simple and consistent interface. However, as with other web-based applications, security must be a top priority when developing…

Read more →

You should be familiar with APIs, especially if you have worked with a developer or designer. But in case you haven’t, then let’s start by saying that APIs are powerful secret agents that empower mobile apps with useful features and…

Read more →

In the world of computer security, whitelisting and blacklisting are two common methods used to control access to resources. These methods are used to prevent unauthorized access to a system and to ensure that only approved applications and services are…

Read more →

Data governance is a framework created by the collaboration of people with various roles and responsibilities working towards establishing the processes, policies, standards, and metrics to achieve the organization’s goals. These goals can range from providing trusted data for businesses…

Read more →

The worth of the Cloud Computing market is estimated to hit USD 1,614.10 billion with a projected CAGR of 17.43 percent by the year 2030. The big giants that hold the market share in the cloud market are AWS, Google Cloud Platform,…

Read more →

Blockchain technology is an emerging technology field, and to explore its wide use of application, several companies have a dedicated research teams for the same. One such field that could take advantage of this technology is risk assessment. Blockchain technology…

Read more →

What Are Secure Properties? One of the best practices in any application development is to keep the application properties configurable rather than hard-coded. This is achieved by keeping the properties in property files. These application properties are very much required…

Read more →

In today’s digital landscape, data security is a paramount concern for organizations of all sizes. With the increasing volume and complexity of data breaches, businesses must adopt robust security measures to protect their sensitive information. Amazon Web Services (AWS) understands…

Read more →

In the realm of cloud computing, Amazon Web Services (AWS) EC2 instances have gained immense popularity for their scalability, flexibility, and reliability. Managing these instances often requires remote access for administrative tasks, debugging, or troubleshooting. To address the security concerns…

Read more →

Continuing our exploration of APIs and their fascinating capabilities, we delve deeper into the realm of API headers. Building upon the insights shared in our previous blog, ‘Using Query Parameters and Headers in REST API Design,’ where we’ve discussed that…

Read more →

Understanding less frequently used HTTP methods is crucial for comprehensive API development. While widely known methods like GET and POST form the foundation of web communication, there are specialized methods that are not as commonly used. These methods have specific…

Read more →

With over 80% of workloads worldwide virtualized, virtualization security is a concern for organizations regardless of size, goal, and industry. Proper protection systems for a particular organization’s workloads and data are necessary to support production and service availability. In this…

Read more →

Object-oriented programming (OOP) has become a fundamental paradigm in software development, revolutionizing the way we design, implement, and maintain complex systems. By organizing code into reusable objects with their own properties and behaviors, the four pillars of OOP are code organization,…

Read more →

In this version (version 1), we will explore the concept of IDP federation and its uses in the large enterprise for smooth access management where there is a need to handle heterogeneous sets of users. In version 2, we will…

Read more →

The open-source GraphQL query language has a ton to offer enterprises seeking a more scalable, flexible, developer-friendly, and modernized approach to API-driven development. That said, because I’m a security professional, I tend to focus on the new opportunities GraphQL also…

Read more →

Web 3.0 has grown in popularity over the last few years and has fast become a tool for the empowerment of users in regard to ownership and sharing of data. The premise is that Web 3.0 will bring back the…

Read more →

Test-driven development (TDD) is a software development approach that prioritizes writing automated tests while creating the actual code. There follows a cycle of writing a failed test, writing the code to make the test pass, and then refactoring the code.…

Read more →

The Google-created Angular framework that uses JavaScript is quite popular in developing web applications. The AngularJS framework has been completely rewritten, and Angular is intended specifically for creating dynamic programming structures. Angular allows developers to create clean, maintainable, and high-performing…

Read more →

When your organization installs a security monitoring app like Zscaler on your workstation, it could hinder your productivity by blocking many existing third-party apps you have been using for your development or testing deliverables.  In many cases, once installed, you…

Read more →

Welcome to this beginner’s guide to using Python for website analysis! As a programming language, Python has been around for over 30 years, but its popularity has skyrocketed in recent years due to its ease of use and versatility. Python…

Read more →

In today’s (mostly) digital world, maintaining data privacy and data security should be an ongoing discussion in all businesses, especially those developing applications, both internal business shops and software shops selling solutions. That said, compliance and privacy issues are not…

Read more →

Compared to a couple of years ago, open-source authentication has seen huge progress. In this post, we’ll compare three of the leading open-source authentication providers – Ory, Keycloak, and SuperTokens. Each of these providers has its own set of pros…

Read more →

AI is already preventing the most common types of cyberattacks in several ways. Here are four examples: Malware detection: AI detects malware by analyzing its code or behaviour. For example, AI can be used to identify known malware signatures or…

Read more →

Microservices architecture has emerged as a popular solution for building complex and scalable applications. In a microservices architecture, an application is broken down into a collection of loosely coupled, independently deployable services that communicate with each other via APIs. This…

Read more →

Privacy laws worldwide prohibit access to sensitive data in the clear such as passport numbers and email addresses. It is no different when persisting to operational logs. One approach can be to anonymize the data before persisting it. However, this…

Read more →

Working with IoT startups worldwide, I’ve noticed that many of my customers do not fully understand the importance of IoT security. Meanwhile, an independent study by SAM Seamless Network claims that more than a billion IoT devices were hacked last…

Read more →

Preparing for Black Hat 2023, it seems like API security will be a key issue. Here’s what you need to know. What’s an API? An API, or application programming interface, is a set of definitions and protocols for building and…

Read more →

As the artificial intelligence (AI) landscape continues to rapidly evolve, new risks and vulnerabilities emerge. Businesses positioned to leverage large language models (LLMs) to enhance and automate their processes must be careful about the degree of autonomy and access privileges…

Read more →

As cyber threats evolve and become more sophisticated, organizations must adopt proactive approaches to safeguard their digital assets. Threat hunting has emerged as a critical practice in cybersecurity, enabling professionals to stay one step ahead of malicious actors. In this…

Read more →

In today’s digital landscape, cybercrime is evolving at an unprecedented rate. This alarming growth exposes businesses to severe vulnerabilities, compelling them to take strategic measures to ensure their IT infrastructure safety against cyber threats. The dynamic nature of the digital…

Read more →

Many entrepreneurs consider DevOps solutions useful for startups and technology companies. The reason behind this notion is the chief objective of DevOps implementation, which is to help companies build their culture or establish cloud-native roots. However, the reality is completely…

Read more →

This article aims the following audiences: Tech workers Students Product managers Marketing team Sales team There are no prerequisites to reading this article. I assume that you have used a web browser to navigate across the internet.  This article has…

Read more →

As our world becomes increasingly automated, the role of artificial intelligence (AI) in various domains has grown exponentially. While AI brings numerous benefits and advancements, it also introduces new threats and challenges in cybersecurity. This article will delve into the…

Read more →

Building web applications is an art that has continued to evolve since the advent of the internet. Today, the Microsoft .NET platform stands as one of the reliable, versatile, and powerful frameworks for creating modern web applications. From desktop to…

Read more →

As the move to the cloud accelerates, organizations increasingly rely on large data teams to make data-driven business decisions. To accomplish their jobs, data professionals work with dedicated tools that are often deployed to development and production environments and are…

Read more →

APIs are a critical part of modern software development, as they allow developers to build more powerful and efficient applications by reusing existing code and functionality. However, the very openness and accessibility of APIs also make them vulnerable to attack. …

Read more →

There is a lot of confusion around modern authorization. In this post, I lay out the differences between authentication and authorization and review the evolving challenge of application authorization. I then describe the two approaches to cloud-native access control and…

Read more →

Applications nowadays are distributed as microservices all over the cloud. Organizations use Kubernetes to manage these applications at scale, which has brought great flexibility and agility for development teams. However, microservices and multicloud applications have given rise to new challenges.…

Read more →

In every organization, there may be multiple source systems for various needs. Depending on how big the organization is, the source systems may vary from one to more than 1,000. Organizations often centralize their data in one place, integrate it,…

Read more →

C continues to be one of the most relevant programming languages despite the presence of more modern options. One of the reasons for this sustained popularity is C’s functions. From ‘fgets’ to ‘toupper,’ C provides a variety of ways for…

Read more →

Navigating the General Data Protection Regulation (GDPR) maze might be daunting. If you’re using Kafka for your data storage and processing, you might be wondering if you’re GDPR compliant, particularly with respect to the Right to Erasure or “Right to…

Read more →

In today’s rapidly evolving cyber threat landscape, traditional reactive approaches to cybersecurity are no longer sufficient. As attackers become more sophisticated, organizations must adopt proactive defense strategies to stay one step ahead. This article will delve into the changing face…

Read more →

Every single day, an extensive array of fresh software vulnerabilities is unearthed by diligent security researchers and analysts. Many of these vulnerabilities emerge due to the absence of secure coding practices. Exploiting such vulnerabilities can have severe consequences, as they…

Read more →

DevSecOps means including security in the DevOps delivery pipeline. This model integrates security tenets as early as possible and in all applicable phases of the software development lifecycle. The diagram below showcases the security aspect’s integration in the later stage…

Read more →

Europe’s General Data Protection Regulation (GDPR) marks a new era in cybersecurity laws. It’s one of if not the most comprehensive and far-reaching data privacy regulations today, so it affects app development significantly. GDPR fines can be hefty, so you…

Read more →

Virtualization technology is being increasingly adopted by organizations across the globe for its numerous benefits such as cost savings, improved efficiency, flexibility, scalability, and disaster recovery. However, the increased adoption of virtualization technology has also led to increased security risks.…

Read more →

In today’s data-driven business landscape, organizations rely on robust reporting solutions to extract meaningful insights and make informed decisions. Oracle Essbase, a powerful multidimensional database, and Oracle Business Intelligence Enterprise Edition (OBIEE), a comprehensive BI platform, offer a formidable combination…

Read more →

With cyber-attacks becoming more sophisticated and prevalent every day, ensuring the safety and security of your Java application is more important than ever. The last thing any developer wants is to be the victim of a security breach that could…

Read more →

Many small and medium businesses today rely on managed service providers (MSPs) with support for IT services and processes due to having limited budgets and fully loaded environments. MSP solutions can be integrated with client infrastructures to enable proper service…

Read more →