Category: DZone Security Zone

Designing cloud infrastructure for healthcare isn’t just about uptime and cost; it’s about protecting sensitive patient data and satisfying regulatory requirements like HIPAA and HITRUST. When we were tasked with migrating a healthcare client’s legacy workloads into Azure, we knew…

Read more →

Machine learning models don’t succeed in isolation — they rely on robust systems to validate, monitor, and explain their behavior. Top tech companies such as Netflix, Meta, and Airbnb have invested heavily in building scalable experimentation and ML platforms that…

Read more →

You can’t secure what you don’t understand, and right now, most enterprises don’t understand the thing running half their operations. Autonomous AI agents are here. They’re booking appointments, executing trades, handling customer complaints, and doing it all without waiting for…

Read more →

Editor’s Note: The following is an article written for and published in DZone’s 2025 Trend Report, Software Supply Chain Security: Enhancing Trust and Resilience Across the Software Development Lifecycle. Software supply chain security is on the rise as systems advance and…

Read more →

As an architect, security is the first thing that comes to mind when defining an architecture for a customer. One of the key things that you need to keep in mind is minimizing the network traffic routed through the public…

Read more →

Series Overview This article is part 1 of a multi-part series: “Development of system configuration management.” The complete series: This article has been indexed from DZone Security Zone Read the original article: Development of System Configuration Management: Introduction

Read more →

The rise of data mesh architectures redefines how modern organizations have approached the concept of data security. Standard best practices dictate that data should be centralized, allowing it to be collected, stored, and governed within monolithic systems, such as data…

Read more →

APIs have emerged as the cement of the contemporary application. APIs are at the heart of the movement of data, and the interaction of systems, whether in the form of mobile apps and web frontends or microservices and third-party integrations.…

Read more →

This tutorial is all about implementing JWT Policy Enforcement in API Manager using a sample RAML-based project. It’s especially helpful when applying policies through the API Manager in the Anypoint Platform. Along the way, you’ll also learn how to secure…

Read more →

(Note: A list of links for all articles in this series can be found at the conclusion of this article.) In parts 2 and part 3 of this blog series, we introduced the open-source Trestle SDK, which implements the NIST…

Read more →

Most developers don’t start their day thinking, “Is our internal directory secure?” They’ve got builds to run, bugs to squash, maybe a pull request or five to review. But internal directories (like Active Directory or Azure AD) aren’t just a…

Read more →

With the release of the IBM® App Connect Operator version 12.1.0, you can now use your existing Keycloak instance to configure authentication and authorization for App Connect Dashboard and Designer Authoring. Building on top of the capability to use Keycloak,…

Read more →

In 2025, mobile applications are smarter, faster, and increasingly location-aware. From e-commerce personalization to regional compliance, knowing where a user is located adds critical context to the user experience. While GPS provides the most accurate location data, it isn’t always…

Read more →

In this blog, you will learn how to set up the OpenID Connect Authorization Code Flow using Keycloak. You will execute the flow yourself in order to get a better understanding of OIDC. Enjoy! Introduction Adding security to your application…

Read more →

As software continues to eat the world, and AI becomes a force multiplier for attackers, those of us tasked with defending our systems have to be more focused, deliberate, and proactive in our approaches. We have to rise up to…

Read more →

Your organization’s entire infrastructure moved to the cloud last year, but your security team is still thinking like it’s 2015. They’re applying traditional network security controls to cloud environments, creating bottlenecks that slow down your deployments and leave massive security…

Read more →

In the rapidly evolving landscape of cloud automation and multi-cloud strategies, the secure handling of sensitive data, particularly credentials, has emerged as a paramount concern. Traditional methods of storing long-lived credentials, whether in configuration files, CI/CD pipelines, or dedicated secret…

Read more →

GitHub Copilot is not just a new tool anymore. It’s becoming a code productivity accelerator tool. In regulated industries like fintech, where speed must match uncompromising security standards. AI-assisted coding can shift the developer workflow from reactive to proactive.  In…

Read more →

Infrastructure as Code (IaC) was supposed to solve the chaos of cloud operations. It promised visibility, governance, and the ability to scale infrastructure with confidence. But for many teams, the reality is far from ideal.  Instead of clarity and control,…

Read more →

Picture this: you’re a cybersecurity pro up against an invisible enemy. Hidden in your network are zero-day exploits, which represent unknown vulnerabilities that await their moment to strike. The time you spend examining logs becomes pointless because the attack might…

Read more →

Secure Multi-Tenancy Implementation Guide As a developer who has worked extensively with SaaS applications, I’ve learned that implementing secure multi-tenancy is one of the most critical aspects of building scalable software-as-a-service platforms. Through my experience, I’ve compiled this comprehensive checklist…

Read more →

The cross-section of artificial intelligence and data governance has come to a defining moment in 2025, but Databricks is taking the lead here. As AI technologies and enterprise data ecosystems evolve rapidly, and the ecosystems themselves become more complex, traditional…

Read more →

Microservices enable modern application architecture in today’s fast-changing digital world. They break apps into smaller, deployable services, and this accelerates development, improves scalability, and increases flexibility.  Cloud computing’s capabilities for distributed systems and containerized settings make this step vital, contributing…

Read more →

The comfort zone of anonymization is breaking. For years, enterprises have limited their privacy goals to surface-level techniques of anonymization. Techniques such as Mask PII, which obfuscate identifiers and others, are often assumed to ensure compliance without thorough execution. And…

Read more →

Data modernization is a strategic endeavor that transforms the way organizations harness data for value creation. It involves adopting innovative approaches in terms of accessibility, governance, operations, and technology, typically centered around modern cloud architectures. This transformation is not limited…

Read more →

The principle of least privilege is fundamental to securing cloud environments by ensuring that identities have only the permissions necessary to perform their tasks. In AWS Identity and Access Management (IAM), sticking to the principle of least privilege is one…

Read more →

Working with multiple threads is one of the most complex problems we may encounter in our daily work. When put against the wall of multithreading, most people right away reach out for blocking approaches. In Java, it takes the form…

Read more →

Editor’s Note: The following is an article written for and published in DZone’s 2025 Trend Report, Software Supply Chain Security: Enhancing Trust and Resilience Across the Software Development Lifecycle. High-profile software supply chain attacks like SolarWinds, Log4j, and MOVEit highlight the…

Read more →

Are you looking for a way to expose your containerized applications to the internet without breaking compliance with IBM Cloud for Financial Services? This guide walks through how to do just that. It shows how to securely expose your apps…

Read more →

Picture this: you’re a cybersecurity pro up against an invisible enemy. Hidden in your network are zero-day exploits, which represent unknown vulnerabilities that await their moment to strike. The time you spend examining logs becomes pointless because the attack might…

Read more →

In multi-tenant systems—whether you’re managing an API gateway, identity platform, or SaaS product—access control is essential. Two of the most widely used tools for managing that access are allowlists and denylists. These mechanisms define who or what is permitted or rejected,…

Read more →

Editor’s Note: The following is an article written for and published in DZone’s 2025 Trend Report, Software Supply Chain Security: Enhancing Trust and Resilience Across the Software Development Lifecycle. The software supply chain has rapidly evolved into a critical vulnerability point…

Read more →

API management has emerged as a critical and strategic factor in staying ahead of the market leaders. However, digital transformation has significant disadvantages, such as opening the door to hackers.  Hackers have been quick to take advantage of a serious…

Read more →

Applications related to the web enable business, e-commerce, and user interactions to be the backbones of the e-world of a more and more digital world. In this growth, there is one thing that has gone up, and that is web…

Read more →

Editor’s Note: The following is an article written for and published in DZone’s 2025 Trend Report, Software Supply Chain Security: Enhancing Trust and Resilience Across the Software Development Lifecycle. In today’s software landscape, the supply chain has grown from a controlled…

Read more →

Web development in 2025 has evolved at an incredible pace. We’ve gone from clunky monoliths to sleek, scalable apps powered by frameworks like Next.js, which millions of developers now rely on for building modern, server-rendered React applications. But as our…

Read more →

(Note: A list of links for all articles in this series can be found at the conclusion of this article.) In the last two blog posts of this multi-part series on continuous compliance, we presented Compliance Policy Administration Centers (CPAC)…

Read more →

Editor’s Note: The following is an article written for and published in DZone’s 2025 Trend Report, Software Supply Chain Security: Enhancing Trust and Resilience Across the Software Development Lifecycle. The goal of DevOps and DevSecOps — and whatever future contractions come…

Read more →

Modern CI/CD pipelines are essential for rapid and reliable software delivery. But as pipelines automate more stages of the development lifecycle—from code validation to production deployment—they have also become a major target for exploitation. Traditional pipelines often operate on broad…

Read more →

SSL/TLS certificates are foundational to secure communications on the internet. However, Windows environments present unique challenges that go beyond basic certificate installation and troubleshooting.  If you’re already familiar with SSL fundamentals, you’ll want to know how to handle complex certificate…

Read more →

Look, I’ve been in cybersecurity for over a decade, and I’m tired of seeing the same preventable disasters over and over again. Cloud security breaches aren’t happening because of some sophisticated nation-state actor using a zero-day exploit. They’re happening because…

Read more →

Cloud platforms have become prime targets for ransomware and malware attacks, which can paralyze businesses by encrypting data or exfiltrating sensitive information. Traditional security tools such as signature-based antivirus and rule-based systems often struggle to detect advanced threats that mutate…

Read more →

Speed kills. In software development, that axiom has never been more literal. DevOps pipelines surge through modern enterprises like digital bloodstreams — pumping code, configurations, and deployments at breakneck velocity. Continuous integration and continuous delivery are the promises of rapid…

Read more →

It’s no secret that technology is evolving much faster than our traditional Identity and Access Management systems can handle. These legacy systems were designed for simpler times, when everything was hosted locally and security was perimeter-based. So, in an era…

Read more →

Emerging technologies like homomorphic encryption and zero-knowledge proofs can definitely help organizations approach zero-trace personal data anonymization. These and similar techniques can bring datasets to a near-zero-trace status, even achieving it in limited cases. There’s a major force that’s acting…

Read more →

Visual tracking systems are essential for applications ranging from surveillance to autonomous navigation. However, these systems have a significant Achilles’ heel: they rely heavily on large, labeled datasets for training. This reliance makes it challenging to deploy them in real-world…

Read more →

The world of AI, especially with Large Language Models (LLMs) and Generative AI, is changing the game. It’s like we’ve unlocked a superpower for creating content, automating tasks, and solving tricky problems. But, as with any new superpower, there are…

Read more →

Microservice is the false belief that adding a message broker to your app will somehow magically make it faster and more scalable. Ignoring the fact that this is, in itself, an oxymoron—and that your app quite literally becomes two billion…

Read more →

Recently, I explored how the Model Context Protocol (MCP) is gaining traction in the Java ecosystem, with frameworks like Spring AI, Quarkus, and LangChain4j starting to adopt it for integrating language models via standardized interfaces. It was also time to…

Read more →

CRITICAL_PROCESS_DIED is a notorious Windows error that triggers the dreaded Blue Screen of Death (BSOD), often leaving users frustrated and unsure of how to proceed. This error typically indicates that a critical system process has unexpectedly terminated, causing Windows to…

Read more →

Software projects can have disastrous breaches resulting from security flaws that expose private information and compromise user confidence. Preventive security measures become critical as applications get more sophisticated. One of the best ways to find and reduce possible hazards before…

Read more →

Abstract: Healthcare systems around the world are at a critical juncture, navigating the pressures of digital transformation, rising cybersecurity threats, and fragmented data landscapes. While the volume of healthcare data grows exponentially, the capacity to manage it securely and effectively…

Read more →

Large language models are fast-developing and transforming the way we use technology. The rise of generative AI tools like ChatGPT and Gemini in 2022 has led to common business exploration and employee adoption, frequently including unapproved use of tools such…

Read more →

Are we getting too aggressive with speed and efficiency in automation, losing the battle to security? If security isn’t prioritized, automation can accelerate risks as quickly as it accelerates processes, leading to severe consequences. A study conducted on the IBM…

Read more →

As the degree of account takeovers and unauthorized access attempts continues to be more and more sophisticated, the time to notify users about security-critical situations has become a vital issue. The moment when a system becomes aware of irregular behavior…

Read more →

Cybersecurity doesn’t fail because someone forgot to patch a server. It fails because no one asked the right questions early enough, and because the wrong people were trusted to find the answers. Most companies start building a cybersecurity team only…

Read more →

A security architect’s role extends far beyond designing secure systems. It demands a continuous, vigilant approach to assessing the effectiveness of implemented controls against evolving threats. With the proliferation of cloud-native architectures, microservices, and distributed environments, a mere checklist approach…

Read more →

In software development, efficiency and security are key, especially for applications that require multi-factor authentication (MFA). MFA enhances security but complicates automated testing, particularly for key business processes like logins or transaction validations.  Altering testing environments to handle MFA differently…

Read more →

When building web applications, handling authentication securely and reliably is critical. That’s where OpenID Connect (OIDC) comes in. OIDC is a thin identity layer built on top of OAuth 2.0, and it gives your app the ability to verify who…

Read more →

Kubernetes Admission Controllers are a powerful but often overlooked security mechanism. Acting as gatekeepers, they intercept API server requests before objects are persisted in etcd, allowing you to enforce custom policies or inject configurations automatically. Whether it’s blocking privileged containers…

Read more →

Data-driven policy refers to the practice of using data, analytics, and empirical evidence to inform and guide government decision-making, moving beyond reliance on intuition or anecdotal information. Governments must be agile, transparent, and resilient in their decision-making. The convergence of…

Read more →

Digital twins and IIoTs are evolving technologies that are transforming the digital landscape of supply chain transformation. The IIoT aims to connect to actual physical sensors and actuators. On the other hand, DTs are replica copies that virtually represent the…

Read more →

Cybersecurity is more critical than ever as technology becomes more integrated into our daily lives and business operations. Cyber threats change quickly, so software developers need to make sure that apps, data, and users are safe by putting strong security…

Read more →

Kubernetes has become the de facto standard for orchestrating containerized applications. As organizations increasingly embrace cloud-native architectures, ensuring observability, security, policy enforcement, progressive delivery, and autoscaling is like ensuring your spaceship has enough fuel, oxygen, and a backup plan before…

Read more →

With an ever connected and globalized world, it is not surprising that cybersecurity attacks are on the rise. The repercussions of persistent cybersecurity attacks touch all types of organizations regardless of scale, from huge international companies to small local non-profits…

Read more →

When you became a developer, you didn’t imagine you’d be spending a big chunk of your time parsing vulnerability reports, getting stuck in security review cycles, or rerunning CI jobs because the pipeline flagged a dozen “critical issues,” half of…

Read more →

Serverless computing, app development, and deployment have been completely revolutionized by its unparalleled scalability and cost efficiency. Infrastructure management abstraction, which is provided by serverless platforms like AWS Lambda, Google Cloud Functions, and Azure Functions, allows developers to concentrate on…

Read more →

Did you know cloud security was one of the most evident challenges of using cloud solutions in 2023? As businesses increasingly depend on Cloud services like Amazon Web Services (AWS) to host their applications, securing sensitive data in the Cloud…

Read more →

The threat of malware in enterprises is evolving each year. As enterprises expand their digital footprint through remote work and cloud adoption, their attack surface increases, making them more vulnerable to targeted malware campaigns. FBI’s 2023 Internet Crime Report showed…

Read more →

In modern microservices architectures, achieving comprehensive observability is not just an option—it’s a necessity. As applications scale dynamically within Kubernetes environments, tracking performance issues, enforcing security policies, and ensuring smooth deployments become complex challenges. Traditional monitoring solutions alone cannot fully…

Read more →

Cybersecurity encompasses multiple different domains, including network isolation, platform security and infrastructure security. However, one thing that we less frequently discuss, but use more than often is cryptography. Whether it’s HTTPS, data encryption in databases, disk encryption, or technologies like…

Read more →

In today’s fast-paced world, organizations face increasing cyber threats that can compromise their operational integrity, erode customer trust, and jeopardize financial stability. While it’s crucial to have advanced security technologies in place, many organizations overlook the importance of cultivating a…

Read more →

The field of digital forensics often uses signatures to identify malicious executables. These signatures can take various forms: cryptographic hashes can be used to uniquely identify executables, whereas tools like YARA can help malware researchers identify and classify malware samples.…

Read more →

Protecting database access through strong password policies is a cornerstone of security in any environment. When deploying Oracle databases on AWS RDS, enforcing password complexity is essential, but the approach differs slightly from on-premises Oracle environments. AWS provides two primary…

Read more →

< div tabindex=”0″> Free Online Utilities May Not Be Safe Using online developer utilities, such as a JSON Viewer, can be incredibly convenient for parsing and visualizing JSON data, but they also come with significant risks. The tool, for instance,…

Read more →

When I first began working with serverless architectures in 2018, I quickly discovered that my traditional security playbook wasn’t going to cut it. The ephemeral nature of functions, the distributed service architecture, and the multiplicity of entry points created a…

Read more →

Imagine you’re building a skyscraper—not just quickly, but with precision. You rely on blueprints to make sure every beam and every bolt is exactly where it should be. That’s what Infrastructure as Code (IaC) is for today’s cloud-native organizations—a blueprint…

Read more →

Ever had that feeling that your phone is listening to you? You mention something random in conversation, and suddenly you’re bombarded with ads about it. Creepy, right? Privacy concerns surrounding AI have always been there. But something fascinating is happening…

Read more →

Software development teams and professionals are increasingly adopting vibe coding as their preferred approach. Vibe coding involves creating software through instinctual coding methods and minimal planning to achieve quick prototyping or making solutions work immediately. While vibe coding can spark…

Read more →

As SQL Server databases become increasingly targeted by cybercriminals, it’s crucial to adopt proactive security measures. Traditional database security mechanisms, such as access controls, role-based permissions, and firewalls, are important but may not be sufficient to detect advanced threats or…

Read more →

In our digital-first world, security isn’t just important — it’s non-negotiable, especially within DevOps environments. Yes, DevOps brilliantly accelerates development by bridging the gap between development and operations teams. But here’s the catch: that impressive speed sometimes races past essential…

Read more →

Security has been a major concern in today’s world. Security issues lead to data breaches with consequences such as data loss and financial losses. As a result, there is a need to focus on enhancing security.  The OWASP top 10…

Read more →

I’ve worked with a lot of enterprise customers over the years—big ones, too—and a common struggle I see is with their Data Loss Prevention (DLP) policies. Even though they’ve had the product for years, they often face one of two…

Read more →

Recently, my team encountered a critical production issue in which Apache Airflow tasks were getting stuck in the “queued” state indefinitely. As someone who has worked extensively with Scheduler, I’ve handled my share of DAG failures, retries, and scheduler quirks,…

Read more →

Building a full-stack application with Angular (frontend) and Node.js (backend) demands a holistic security approach. Security by design means baking in security from the architecture stage and throughout development, rather than as an afterthought. DevSecOps extends DevOps by integrating security…

Read more →

Early-career developers often struggle with secure coding practices. GitHub Copilot, an AI pair programmer, can assist in writing safer code when used wisely. However, guidance is key; a 2021 study found that approximately 40% of Copilot’s generated code had security…

Read more →

Tagging metadata and tracking SQL lineage manually is often tedious and prone to mistakes in data engineering. Although essential for compliance and data governance, these tasks usually involve lengthy manual checks of datasets, table structures, and SQL code.  Thankfully, advancements…

Read more →

Once the product becomes famous and the customer base increases, it is no longer viable to serve the customers using simple systems without too many bottlenecks. Distributed software systems are inevitable, and it is directly related to the growth of…

Read more →

Introduction Identity and Access Management (IAM) is a key pillar of any organization. It plays a vital role in enterprise security—securing the resources and the data of an organization by making sure only authorized users have access. As the IT infrastructure…

Read more →

Introduction A natural or human-made disaster is a significant concern for populations across the world. It is important that the response to such cases be prompt and effective so that human and financial losses are minimized. In addition, while the…

Read more →

The Internet of Things has shaken up our lives, connecting everything from smart homes to massive industrial systems in a pretty smooth way. Sure, these tech upgrades make our day-to-day so much easier, but they have also brought some real…

Read more →

Over the last few years, they have rapidly developed in the field of large language models (LLMs) since these models can now underpin anything, from a customer service chatbot to an enterprise-grade solution.  Now that such models are more woven…

Read more →

In this era of ever-growing digital footprint, decreasing security debt has become so critical for organizations operating in the cloud. The myriads of unresolved security findings expose services vulnerable to emerging threats as well as pose risk to compliance and…

Read more →

Cloud security refers to technologies, best practices, and safety guidelines that help to protect your data from human errors, insider and security threats. Therefore, it naturally covers a wide range of procedures, which are aimed at securing systems from data…

Read more →

As workforce becomes more digital,  identity security has become the center of enterprise cyber security. This is particularly challenging given that more than 40 billion authentication requests are processed each day, across platforms and devices, and more solutions than ever are…

Read more →

As we understood the foundational principles for designing and reviewing endpoint security controls in Part 1, we also covered key topics such as standardizing and enrolling approved devices and operating systems, enforcing strong authentication and centralized identity management, and validating…

Read more →

Introduction Managing identity and access management (IAM) for large-scale enterprises is a complex challenge, particularly when dealing with legacy systems that cannot be transitioned from overnight to modern authentication. Traditional migration often spans years, leaving enterprises burdened with technical debts…

Read more →

As organizations embrace digital transformation and hybrid work, the endpoint becomes both a critical productivity enabler and a significant security liability. Laptops, desktops, smartphones, and even IoT devices form the frontline in the battle for data integrity and organizational resilience.…

Read more →

How Hackers Bypass Lateral Movement Detection (And How to Stop Them) Detecting lateral movement has emerged as a crucial cybersecurity challenge today. Attackers who breach network perimeters follow a five-step process. They start with reconnaissance, move to their original compromise,…

Read more →

Security researchers and developers are raising alarms over “slopsquatting,” a new form of supply chain attack that leverages AI-generated misinformation commonly known as hallucinations. As developers increasingly rely on coding tools like GitHub Copilot, ChatGPT, and DeepSeek, attackers are exploiting…

Read more →