Autonomous agents don’t just fail. They persist. They retry, replan, and chain tools until something “works.” That persistence is exactly what makes agents valuable, and exactly what makes them hazardous in production without strict execution controls. Algorithmic circuit breakers (ACBs)…
Category: DZone Security Zone
The DevOps Security Paradox: Why Faster Delivery Often Creates More Risk
A few years ago, I was part of a large enterprise transformation program where the leadership team proudly announced that they had successfully implemented DevOps across hundreds of applications. Deployments were faster. Release cycles dropped from months to days. Developers…
Delta Sharing vs Traditional Data Exchange: Secure Collaboration at Scale
Sharing large datasets securely with external partners is a major challenge in modern data engineering. Legacy methods such as transferring files via SFTP or HTTP and building custom APIs often create brittle pipelines that are hard to scale and govern.…
Automating Threat Detection Using Python, Kafka, and Real-Time Log Processing
Log-driven detections often fail for predictable engineering reasons: events arrive too late for containment, sources emit inconsistent fields, and pipelines become non-deterministic when retries and partial failures occur. Real-time log processing mitigates these failure modes by treating logs as a…
Cybersecurity with a Digital Twin: Why Real-Time Data Streaming Matters
Cyberattacks on critical infrastructure and manufacturing systems are growing in scale and sophistication. Industrial control systems, connected devices, and cloud services expand the attack surface far beyond traditional IT networks. Ransomware can stop production lines, and manipulated sensor data can…
Hidden Cyber Threat AI Is Preparing That Some Companies Aren’t Thinking About
Cyber threats are in an era where defense and attack are powered by artificial intelligence. While AI has seen a rapid advancement in recent times, it has raised concern among world leaders, policymakers and experts. Evidently, the rapid and unpredictable…
How CNAPP Bridges the Gap Between DevSecOps and Cloud Security Companies
Before CNAPP, DevOps owned code, and cloud security teams were responsible for keeping it safe. But that’s hard to do when you’re not part of the build process.
Why Every Defense Against Prompt Injection Gets Broken — And What to Build Instead
I watched a senior engineer spend two weeks hardening their LLM-powered claims assistant against prompt injection. Input sanitization. A blocklist with 400+ attack patterns. A classifier model running in front of the main LLM. Rate limiting. He was thorough. Proud,…
Part II: The Network That Doesn’t Exist: Zero Trust, Service Meshes, and the Slow Death of Perimeter Security
The conversation that reordered my understanding of enterprise network security happened in a conference room in London in early 2019. The CISO of a mid-size financial services firm — precise, methodical, someone whose threat modeling I trusted — was describing…
Part I: The Build You Can’t See Is the One That Will Kill You: Software Supply Chains, SBOMs, and the Long Reckoning After SolarWinds
There is a specific quality of dread that experienced security practitioners get when they think carefully about what happened in December 2020. Not the dread of a novel attack technique, or an adversary with exceptional resources. The dread of recognizing,…
SBOM in Practice: Embedding Compliance Into the Software Delivery Lifecycle
Behind every application lies a web of components, libraries, and dependencies it relies on to function. Modern applications are built on layers of dependencies, including libraries, frameworks, third-party packages, and open source components, that most teams have only a partial…
Code Security Remediation: What 50,000 Repositories Reveal About PR Scanning
Security teams have gotten good at finding vulnerabilities. Fixing them has always been the hard part. An analysis of remediation patterns across 50,000+ actively developed repositories and 400+ organizations during 2025 reveals a pattern: where a vulnerability is detected has…
The Platform or the Pile: How GitOps and Developer Platforms Are Settling the Infrastructure Debt Reckoning
There is a specific kind of organizational dysfunction that doesn’t show up in sprint velocity metrics or deployment frequency dashboards. It lives in Slack threads where a senior engineer is, for the third time this week, helping a product team…
C/C++ Is Where Vulnerability Programs Go to Guess
Walk into most AppSec reviews, and you’ll find a familiar pattern. Python dependencies: fully inventoried. npm packages: tracked and patched. C and C++ code powering the operating system, the embedded firmware, or the performance-critical core of the product? A blank…
SelfService HR Dashboards with Workday Extend and APIs
Workday Extend lets you build custom in-Workday apps that leverage Workday’s data model, UI and security. Extend apps are fully integrated into the Workday interface and can tap into Workday data via APIs and reports. In practice, a dashboard app…
Applying Oracle 19c Release Update (RU): A Practical Guide from My DBA Experience
After working with Oracle databases for more than 15 years, one thing I have learned is that patching is not just a maintenance task, it’s a critical security and stability practice. Many production issues I have seen in enterprise environments…
Tracking Dependencies Beyond the Build Stage
When working on modern software, a developer will often use hundreds or thousands of dependencies. Keeping an accurate and consistent bill of materials is essential for license compliance and for security. Motivation In a large organization, the scope of dependencies…
Enterprise Java Applications: A Practical Guide to Securing Enterprise Applications with a Risk-Driven Architecture
Enterprise Java applications still serve business-critical processes but are becoming vulnerable to changing security threats and regulatory demands. Traditional compliance-based security methods tend to respond to audits or attacks, instead of stopping them. This paper introduces a risk-based security architecture,…
GDPR Compliance and Data Deletion in Software Systems
The General Data Protection Regulation (GDPR) is a comprehensive EU data privacy law that came into effect in 2018. One of its key provisions is the right to erasure (Article 17), often called the “right to be forgotten.” In simple…
Enhancing Secure MCP Client–Server Communication With the Chain of Responsibility Pattern
In a world where AI assistants and agents increasingly interact with external services through standardized protocols, securing communication between an AI client and its backend servers is an important aspect. The Model Context Protocol (MCP) standardizes how an AI assistant…