Testing is one of the final stages of mobile app development before you’re ready for launch. The finish line may seem close, but it might not be. If you encounter mobile app testing challenges unprepared, you may have to push…
Category: DZone Security Zone
Security and Governance Patterns for Your Conversational AI
How many times have we heard people talk about the “dream of a SOC copilot?” A copilot would allow an analyst to type something like, “Show me all the SSH login attempts for 10.0.0.5 over the last hour and compare…
Avoid BigQuery SQL Injection in Go With saferbq
You can build dynamic queries in BigQuery using the Go SDK. When building applications that allow users to select tables or datasets dynamically, you need to include those identifiers in your SQL queries. I was surprised to find that the…
DevSecOps as a Strategic Imperative for Modern DevOps
If you do not take security seriously, you are just begging for trouble. Security should be an integral part of your development process, not something that you add at the end. Patches and updates do not suffice to deter severe…
Why the Future Is Increasingly Pointing Toward Multi-Cloud Strategies
It is not surprising that the explosion in cloud technology over the last several decades has brought about a transformational shift across industries. Organizations are relying more than ever on multiple vendors for their cloud deployments — rather than relying…
Shift-Left Strategies for Cloud-Native and Serverless Architectures
The growth observed in modern-day cloud applications is staggering to say the least. Applications are being built faster and deployed at a faster pace. However, there can be several obstacles on this journey toward proactive security, as security and compliance…
The Architect’s Guide to Logging
Every developer and architect thinks they understand logging until they’re staring at a production issue at 3:00 a.m. Realizing that their logs lack context, have no defined structure, and they’re sifting through a wall of text, desperately looking for that…
Penetration Testing Strategy: How to Make Your Tests Practical, Repeatable, and Risk-Reducing
Penetration testing — “pentesting” — still surprises teams. Some treat it as a checkbox before launch; others expect it to magically find every vulnerability. The truth sits in the middle: a well-planned penetration testing strategy turns a point-in-time assessment into…
Blockchain + AI Integration: The Architecture Nobody’s Talking About
Walk into any tech conference today, and you’ll hear buzzwords flying: AI this, blockchain that. But ask anyone about the actual architecture required to integrate these technologies, and you’ll mostly get hand-waving. That’s because while everyone talks about the potential…
A Practical Guide to Blocking Cyber Threats
As cyberthreats dominate the news headlines day after day, it is important for large multinational organizations and nonprofits to take immediate notice of such events. Nonprofits often work under stark resource constraints, such as minimal IT staff and limited access…
Phantom APIs: The Security Nightmare Hiding in Your AI-Generated Code
The call came at 2:47 AM on a Tuesday in October 2024. I’d been following API security incidents for fifteen years, but this one made my coffee go cold as the CISO walked me through what happened. Their fintech had…
Defect Report in Software Testing: Best Practices for QA and Developers
Defects are an unavoidable part of software development. But when they slip into production and reach your customers, the consequences go beyond poor user experience — they can damage your brand’s credibility. That’s why every defect must be logged and…
Fortifying Cloud Security Operations with AI-Driven Threat Detection
With the rapid adoption of cloud technologies, organizations are rushing to migrate their workloads and data to the cloud — often at a breakneck pace. Cyber hackers are not far behind in this race. On-premises systems are no longer the…
Zero Trust Model for Nonprofits: Protecting Mission in the Digital Age
In an increasingly globally connected world, nonprofit organizations are as much at risk and vulnerable to cyber threats as large multinational corporations, if not more so. To keep cyber threats at bay, traditional security models have often relied on devices…
Why Your UEBA Isn’t Working (and How to Fix It)
User Entity Behavior Analysis (UEBA) is a security layer that uses machine learning and analytics to detect threats by analyzing patterns in user and entity behavior. Here’s an oversimplified example of UEBA: suppose you live in Chicago. You’ve lived there…
Agentic AI in Cloud-Native Systems: Security and Architecture Patterns
AI has long progressed past statistical models that generate forecasts or probabilities. The next generation of AI systems is agents, autonomous cloud-native systems capable of acting and intervening in an environment without human intervention or approval. Agents can provision infrastructure,…
Zero Trust in CI/CD Pipelines: A Practical DevSecOps Implementation Guide
Securing modern CI/CD pipelines has become significantly more challenging as teams adopt cloud-native architectures and accelerate their release cycles. Attackers now target build systems, deployment workflows, and the open-source components organizations rely on every day. This tutorial provides a practical…
Secrets in Code: Understanding Secret Detection and Its Blind Spots
In a world where attackers routinely scan public repositories for leaked credentials, secrets in source code represent a high-value target. But even with the growth of secret detection tools, many valid secrets still go unnoticed. It’s not because the secrets…
Blockchain Use Cases in Test Automation You’ll See Everywhere in 2026
The rapid evolution of digital ecosystems has placed test automation at the center of quality assurance for modern software. But as systems grow increasingly distributed, data-sensitive, and security-driven, traditional automation approaches struggle to maintain transparency, consistency, and trust. This is…
Advanced Docker Security: From Supply Chain Transparency to Network Defense
Introduction: Why Supply Chain and Network Security Matter Now In 2021, the Log4Shell vulnerability exposed a critical weakness in modern software: we don’t know what’s inside our containers. A single vulnerable library (log4j) in thousands of applications created a global…