Category: DZone Security Zone

The conversation that reordered my understanding of enterprise network security happened in a conference room in London in early 2019. The CISO of a mid-size financial services firm — precise, methodical, someone whose threat modeling I trusted — was describing…

Read more →

There is a specific quality of dread that experienced security practitioners get when they think carefully about what happened in December 2020. Not the dread of a novel attack technique, or an adversary with exceptional resources. The dread of recognizing,…

Read more →

Behind every application lies a web of components, libraries, and dependencies it relies on to function. Modern applications are built on layers of dependencies, including libraries, frameworks, third-party packages, and open source components, that most teams have only a partial…

Read more →

Security teams have gotten good at finding vulnerabilities. Fixing them has always been the hard part. An analysis of remediation patterns across 50,000+ actively developed repositories and 400+ organizations during 2025 reveals a pattern: where a vulnerability is detected has…

Read more →

There is a specific kind of organizational dysfunction that doesn’t show up in sprint velocity metrics or deployment frequency dashboards. It lives in Slack threads where a senior engineer is, for the third time this week, helping a product team…

Read more →

Walk into most AppSec reviews, and you’ll find a familiar pattern. Python dependencies: fully inventoried. npm packages: tracked and patched. C and C++ code powering the operating system, the embedded firmware, or the performance-critical core of the product? A blank…

Read more →

Workday Extend lets you build custom in-Workday apps that leverage Workday’s data model, UI and security. Extend apps are fully integrated into the Workday interface and can tap into Workday data via APIs and reports.  In practice, a dashboard app…

Read more →

After working with Oracle databases for more than 15 years, one thing I have learned is that patching is not just a maintenance task, it’s a critical security and stability practice. Many production issues I have seen in enterprise environments…

Read more →

When working on modern software, a developer will often use hundreds or thousands of dependencies. Кeeping an accurate and consistent bill of materials is essential for license compliance and for security. Motivation In a large organization, the scope of dependencies…

Read more →

Enterprise Java applications still serve business-critical processes but are becoming vulnerable to changing security threats and regulatory demands. Traditional compliance-based security methods tend to respond to audits or attacks, instead of stopping them. This paper introduces a risk-based security architecture,…

Read more →

The General Data Protection Regulation (GDPR) is a comprehensive EU data privacy law that came into effect in 2018. One of its key provisions is the right to erasure (Article 17), often called the “right to be forgotten.” In simple…

Read more →

In a world where AI assistants and agents increasingly interact with external services through standardized protocols, securing communication between an AI client and its backend servers is an important aspect. The Model Context Protocol (MCP) standardizes how an AI assistant…

Read more →

A global case management system depends on a telephony surface to bind a live call to a customer record. When a call arrives, an external CTI frame loads inside Lightning, identifies the caller, resolves the account, and anchors the interaction…

Read more →

Most Docker tutorials show secrets passed as environment variables. It’s convenient, works everywhere, and feels simple. It’s also fundamentally insecure. Environment variables are visible to any process running inside the container. They appear in docker inspect output accessible to anyone…

Read more →

Infrastructure as Code (IaC) has transformed how we manage and provision infrastructure in the cloud. It enabled developers to consider compute, storage, network, and other infrastructure components as software which was not the case before infra was modeled as code.…

Read more →

OpenID Connect (OIDC) is an identity layer on top of OAuth 2.0. If you’ve used “Sign in with Google/Microsoft/Okta/Auth0”, you’ve already used OIDC. In modern single-page apps (SPAs), the best practice is: Authorization Code Flow + PKCE Store tokens in…

Read more →

In 2026, ecommerce security is no longer just a technical concern, it defines the strategic business growth, customer trust, and long term brand flexibility. As a leading custom application and web development company, Nevina Infotech has partnered globally to build…

Read more →

Error budgets represent tolerance for failure — the calculated gap between perfect availability and what service level objectives permit. SRE teams treat this space as room for innovation, experimentation, and acceptable degradation. Adversaries treat it as cover. The fundamental problem:…

Read more →

Azure Kubernetes Service (AKS) has evolved from a simple managed orchestrator into a sophisticated platform that serves as the backbone for modern enterprise applications. However, as clusters grow in complexity, the challenge shifts from initial deployment to long-term operational excellence.…

Read more →

I’ve spent years reviewing applications after security incidents, conducting code audits, and helping teams rebuild trust after token misuse exposed sensitive data. If there’s one pattern I keep seeing, it’s this: teams underestimate how important it is to secure access…

Read more →