Category: DZone Security Zone

Container images are the key components of the software supply chain. If they are vulnerable, the whole chain is at risk. This is why container image security should be at the core of any Secure Software Development Lifecycle (SSDLC) program.…

Read more →

Editor’s Note: The following is an article written for and published in DZone’s 2025 Trend Report, Database Systems: Fusing Transactional Speed and Analytical Insight in Modern Data Ecosystems. Modern databases face a fundamental paradox: They have never been more accessible, yet…

Read more →

I’ve spent the better part of two decades watching companies learn hard lessons about security. But nothing prepared me for what I saw unfold in 2024. It started in May. Dell disclosed that attackers had exploited a partner portal API…

Read more →

The Reproducibility Problem Software teams consistently underestimate reproducibility until builds fail inconsistently, environments drift, and install scripts become unmaintainable. In enterprise contexts, these failures translate directly into lost time, higher costs, and eroded trust. Complex install scripts promise flexibility but…

Read more →

I used to settle for Docker images that were massive, sometimes in GBs. I realized that every megabyte matters, impacting everything from deployment speed and cloud costs to security. With time, I realize there are well-known best practices and advanced…

Read more →

Cybersecurity now requires more than just perimeter defences. As you adopt microservices, hybrid workloads, and AI pipelines on Google Cloud, identity becomes your new perimeter. Zero Trust means never trust and always verify. It is no longer optional but essential.…

Read more →

Phishing is no longer an easy-to-detect cyberattack. With the rise of artificial intelligence, attackers now launch AI-driven phishing campaigns to mimic human behavior. They can now generate flawless emails and use deepfake phishing attacks. Email security threats are more prominent…

Read more →

OWASP dropped its 2025 Top 10 on November 6th with a brand-new category nobody saw coming: “Mishandling of Exceptional Conditions” (A10). I spent a weekend building a scanner to detect these issues and immediately found authentication bypasses in three different…

Read more →

Set against the backdrop of accelerated growth of technology over the past several decades, notwithstanding large organizations, nonprofits as well have become overly reliant on technology for their day-to-day operations. New data shows that this reliance often presents opportunities for…

Read more →

Like many challenges, it began with a user who continued receiving the wrong videos on her feed. It appeared to be a mere glitch in our recommendation system, but as we got deeper into it, we found that there was…

Read more →

The Model Context Protocol (MCP) is rapidly emerging as a fundamental framework for secure AI integration. It effectively links large language models (LLMs) with essential corporate assets, such as APIs, databases, and services. However, moving from concept to production requires…

Read more →

I learned this lesson the hard way. A few years back, I built a donation platform I thought was bulletproof. The design? Slick. Payments? Smooth. I figured, “Alright, I’ve nailed it.” This article has been indexed from DZone Security Zone…

Read more →

Istio has established itself as a popular, trusted, and powerful service mesh platform. It complements Kubernetes with powerful features such as security, observability, and traffic management with no code changes. Istio’s several key features strengthen cloud-native and distributed systems, ensuring…

Read more →

A recent MIT study reported that only about 5% of GenAI applications are creating real, measurable business value. In my opinion, that’s not a failure of ambition. If anything, most teams are experimenting aggressively. The issue is that the underlying…

Read more →

In Identity Governance and Administration (IGA), connectors help keep user accounts, roles, and access permissions in sync across your applications.   What if you don’t deploy a connector? What about legacy and cloud applications that don’t support SCIM, or systems…

Read more →

Introduction When an AI trading agent exploits a smart contract vulnerability, financial firms can lose millions in seconds. In 2024 alone, more than $1.42 billion vanished through smart contract exploits, with AI-enhanced systems showing particularly troubling weaknesses that traditional security…

Read more →

Security research isn’t a stranger to controversy. The small community of dedicated niche security teams, independent researchers, and security vendors working on new products finds vulnerabilities in software and occasionally has permission to find and exploit them. This security industry…

Read more →

The evolution of conversational AI has introduced another dimension of interaction between businesses and users on the internet. AI chatbots have become an inseparable part of the digital ecosystem, which is no longer restricted to customer service or personalized suggestions.…

Read more →

Modern data lakes increasingly rely on Apache Iceberg for managing large analytical datasets, while organizations simultaneously demand fine-grained access control (FGAC) to secure sensitive data. However, combining these technologies can create unexpected performance bottlenecks that significantly impact query execution times.…

Read more →

APIs: The New Battlefield Every API endpoint is a doorway. Some lead to treasure vaults. Others? Straight into disaster. I’ve spent the last five years watching enterprises get blindsided by API attacks they never saw coming. Payment processors are losing…

Read more →