Category: DZone Security Zone

Cybersecurity encompasses multiple different domains, including network isolation, platform security and infrastructure security. However, one thing that we less frequently discuss, but use more than often is cryptography. Whether it’s HTTPS, data encryption in databases, disk encryption, or technologies like…

Read more →

In today’s fast-paced world, organizations face increasing cyber threats that can compromise their operational integrity, erode customer trust, and jeopardize financial stability. While it’s crucial to have advanced security technologies in place, many organizations overlook the importance of cultivating a…

Read more →

The field of digital forensics often uses signatures to identify malicious executables. These signatures can take various forms: cryptographic hashes can be used to uniquely identify executables, whereas tools like YARA can help malware researchers identify and classify malware samples.…

Read more →

Protecting database access through strong password policies is a cornerstone of security in any environment. When deploying Oracle databases on AWS RDS, enforcing password complexity is essential, but the approach differs slightly from on-premises Oracle environments. AWS provides two primary…

Read more →

< div tabindex=”0″> Free Online Utilities May Not Be Safe Using online developer utilities, such as a JSON Viewer, can be incredibly convenient for parsing and visualizing JSON data, but they also come with significant risks. The tool, for instance,…

Read more →

When I first began working with serverless architectures in 2018, I quickly discovered that my traditional security playbook wasn’t going to cut it. The ephemeral nature of functions, the distributed service architecture, and the multiplicity of entry points created a…

Read more →

Imagine you’re building a skyscraper—not just quickly, but with precision. You rely on blueprints to make sure every beam and every bolt is exactly where it should be. That’s what Infrastructure as Code (IaC) is for today’s cloud-native organizations—a blueprint…

Read more →

Ever had that feeling that your phone is listening to you? You mention something random in conversation, and suddenly you’re bombarded with ads about it. Creepy, right? Privacy concerns surrounding AI have always been there. But something fascinating is happening…

Read more →

Software development teams and professionals are increasingly adopting vibe coding as their preferred approach. Vibe coding involves creating software through instinctual coding methods and minimal planning to achieve quick prototyping or making solutions work immediately. While vibe coding can spark…

Read more →

As SQL Server databases become increasingly targeted by cybercriminals, it’s crucial to adopt proactive security measures. Traditional database security mechanisms, such as access controls, role-based permissions, and firewalls, are important but may not be sufficient to detect advanced threats or…

Read more →

In our digital-first world, security isn’t just important — it’s non-negotiable, especially within DevOps environments. Yes, DevOps brilliantly accelerates development by bridging the gap between development and operations teams. But here’s the catch: that impressive speed sometimes races past essential…

Read more →

Security has been a major concern in today’s world. Security issues lead to data breaches with consequences such as data loss and financial losses. As a result, there is a need to focus on enhancing security.  The OWASP top 10…

Read more →

I’ve worked with a lot of enterprise customers over the years—big ones, too—and a common struggle I see is with their Data Loss Prevention (DLP) policies. Even though they’ve had the product for years, they often face one of two…

Read more →

Recently, my team encountered a critical production issue in which Apache Airflow tasks were getting stuck in the “queued” state indefinitely. As someone who has worked extensively with Scheduler, I’ve handled my share of DAG failures, retries, and scheduler quirks,…

Read more →

Building a full-stack application with Angular (frontend) and Node.js (backend) demands a holistic security approach. Security by design means baking in security from the architecture stage and throughout development, rather than as an afterthought. DevSecOps extends DevOps by integrating security…

Read more →

Early-career developers often struggle with secure coding practices. GitHub Copilot, an AI pair programmer, can assist in writing safer code when used wisely. However, guidance is key; a 2021 study found that approximately 40% of Copilot’s generated code had security…

Read more →

Tagging metadata and tracking SQL lineage manually is often tedious and prone to mistakes in data engineering. Although essential for compliance and data governance, these tasks usually involve lengthy manual checks of datasets, table structures, and SQL code.  Thankfully, advancements…

Read more →

Once the product becomes famous and the customer base increases, it is no longer viable to serve the customers using simple systems without too many bottlenecks. Distributed software systems are inevitable, and it is directly related to the growth of…

Read more →

Introduction Identity and Access Management (IAM) is a key pillar of any organization. It plays a vital role in enterprise security—securing the resources and the data of an organization by making sure only authorized users have access. As the IT infrastructure…

Read more →

Introduction A natural or human-made disaster is a significant concern for populations across the world. It is important that the response to such cases be prompt and effective so that human and financial losses are minimized. In addition, while the…

Read more →

The Internet of Things has shaken up our lives, connecting everything from smart homes to massive industrial systems in a pretty smooth way. Sure, these tech upgrades make our day-to-day so much easier, but they have also brought some real…

Read more →

Over the last few years, they have rapidly developed in the field of large language models (LLMs) since these models can now underpin anything, from a customer service chatbot to an enterprise-grade solution.  Now that such models are more woven…

Read more →

In this era of ever-growing digital footprint, decreasing security debt has become so critical for organizations operating in the cloud. The myriads of unresolved security findings expose services vulnerable to emerging threats as well as pose risk to compliance and…

Read more →

Cloud security refers to technologies, best practices, and safety guidelines that help to protect your data from human errors, insider and security threats. Therefore, it naturally covers a wide range of procedures, which are aimed at securing systems from data…

Read more →

As workforce becomes more digital,  identity security has become the center of enterprise cyber security. This is particularly challenging given that more than 40 billion authentication requests are processed each day, across platforms and devices, and more solutions than ever are…

Read more →

As we understood the foundational principles for designing and reviewing endpoint security controls in Part 1, we also covered key topics such as standardizing and enrolling approved devices and operating systems, enforcing strong authentication and centralized identity management, and validating…

Read more →

Introduction Managing identity and access management (IAM) for large-scale enterprises is a complex challenge, particularly when dealing with legacy systems that cannot be transitioned from overnight to modern authentication. Traditional migration often spans years, leaving enterprises burdened with technical debts…

Read more →

As organizations embrace digital transformation and hybrid work, the endpoint becomes both a critical productivity enabler and a significant security liability. Laptops, desktops, smartphones, and even IoT devices form the frontline in the battle for data integrity and organizational resilience.…

Read more →

How Hackers Bypass Lateral Movement Detection (And How to Stop Them) Detecting lateral movement has emerged as a crucial cybersecurity challenge today. Attackers who breach network perimeters follow a five-step process. They start with reconnaissance, move to their original compromise,…

Read more →

Security researchers and developers are raising alarms over “slopsquatting,” a new form of supply chain attack that leverages AI-generated misinformation commonly known as hallucinations. As developers increasingly rely on coding tools like GitHub Copilot, ChatGPT, and DeepSeek, attackers are exploiting…

Read more →

FIPS (Federal Information Processing Standards) [1] defines a set of public security standards developed by NIST (National Institute of Standards and Technology) [2] that govern the security requirements for cryptographic modules used in government systems. FIPS 140-3 is the latest…

Read more →

Introduction As of 2023, it’s estimated that 42 billion cumulative Wi-Fi enabled devices have been shipped (Wi-Fi® by the Numbers: Technology Momentum in 2023, n.d.). Every new device adds to the increasing wireless attack surface, and it’s important for anyone…

Read more →

It was not so long ago that I was having a much closer look at how AI is becoming embedded in our everyday developer work. I have watched more intelligent code suggestions, automated testing routines, and those ubiquitous chatbots become…

Read more →

Think your organization is too small to be a target for threat actors? Think again. In 2025, attackers no longer distinguish between size or sector. Whether you’re a flashy tech giant, a mid-sized auto dealership software provider, or a small…

Read more →

Abstract This article explores how artificial intelligence (AI) is enhancing threat detection in cloud certificate environments. It explicates how dissimilar AI modeling, such as supervised, unsupervised, and reinforcement learning, is used to describe and respond to security measures and threats…

Read more →

Businesses and individual users now employ big data analysis to support decision-making, engineering innovation, and productivity levels. However, the surge in the reliance on big data leads to growing concerns regarding its accuracy and trustworthiness. Although big data provides unprecedented…

Read more →

Abstract This paper presents a comprehensive approach to securing sensitive data in containerized environments using the principle of immutable secrets management, grounded in a Zero-Trust security model. We detail the inherent risks of traditional secrets management, demonstrate how immutability and…

Read more →

Introduction Cloud providers offer baseline landing zone frameworks, but successful implementation requires strategic customization tailored to an organization’s specific security, compliance, operations, and cost-management needs. Treating a landing zone as a turnkey solution can lead to security gaps and operational…

Read more →

Cookies are fundamental aspects of a web application that end users and developers frequently deal with. A cookie is a small piece of data that is stored in a user’s browser. The data element is used as a medium to…

Read more →

In the day-to-day operations of companies, solution architecture and information security are two areas that inevitably intersect. Both play a key role in building robust, scalable, and reliable technology environments. However, one question lingers — though rarely openly discussed: what…

Read more →

Apache Iceberg has emerged as a pioneering open table format,  revolutionising data management by addressing big challenges. In this article, we’ll delve into Iceberg’s capabilities, discuss its limitations, and explore the implications for data architects. A Brief History Lesson: Hadoop’s…

Read more →

As enterprises accelerate AI adoption, their cloud strategy determines whether they can efficiently train models, scale workloads, and ensure compliance. Given the computational intensity and data sensitivity of AI, businesses must choose between hybrid cloud and multi-cloud architectures. While both…

Read more →

As digital identity ecosystems evolve, the ability to issue and verify digital credentials in a secure, privacy-preserving, and interoperable manner has become increasingly important. Verifiable Credentials (VCs) offer a W3C-standardized way to present claims about a subject, such as identity…

Read more →

AWS API Gateway is a managed service to create, publish, and manage APIs. It serves as a bridge between your applications and backend services. When creating APIs for our backend services, we tend to open it up using public IPs.…

Read more →

Running “npm install” requires trusting unknown parties online. Staring at node_modules for too long leads someone to become a node_modules expert. We Should Have Solved This Issue By 2025 The registry expands relentlessly at the rate of one new library…

Read more →

A developer’s work doesn’t stop once the code is written. The real action begins when it’s deployment day. The process—managing multiple environments, testing new features, or ensuring seamless uptime during releases—must be fast, secure, and efficient. Can you imagine a…

Read more →

Introduction to AWS Network Load Balancer AWS has several critical services that drive the internet. If you have ever built any application on top of AWS and need a high throughput or volume of traffic, the chances are that you’ve…

Read more →

Security practices in DevOps have evolved from being a minor concern to one of the main focus points, which resulted in the DevSecOps movement. It’s about “shifting security to the left” in the software development lifecycle — so the security…

Read more →

When developers hear the term GDPR, the initial reaction often involves stress and uncertainty, especially around how it might slow down development or degrade application performance. But here’s the truth: GDPR isn’t just another regulation to check off your list.…

Read more →

Cloud computing has reshaped how businesses operate, offering unmatched scalability, flexibility, and cost-efficiency. However, as organizations continue to shift critical operations to the cloud, they face escalating cybersecurity challenges. Traditional security systems often struggle to protect complex, interconnected cloud environments…

Read more →

When I first started building real-world projects in Python, I was excited just to get things working. I had classes calling other classes, services spun up inside constructors, and everything somehow held together. But deep down, I knew something was…

Read more →

Abstract This article explores the concept of a Software Bill of Materials (SBOM) as an essential tool in modern software development and cybersecurity frameworks. The SBOM acts as a detailed inventory of all software components, dependencies, and associated metadata within…

Read more →

Zero trust has emerged as a cornerstone of modern enterprise security. It is mainly applied to networks, user identities, and endpoints of most organizations. However, the single layer left undersecured is the CI/CD pipeline. These systems orchestrate code validation for…

Read more →

When you think of secrets scanning, most people immediately think about source code repositories on platforms like GitHub, GitLab, and Bitbucket. While the codebase is a source you absolutely should monitor, this is just a part of the overall secrets…

Read more →

Apache Avro is a widely used data format that keeps things compact and efficient while making it easy to evolve schemas over time. By default, it comes with basic data types like int, long, string, and bytes. But what if you need…

Read more →

The Paradigm Shift in Cybersecurity In the rapidly evolving landscape of digital threats, traditional network security models have become increasingly obsolete. Enter Zero Trust Architecture (ZTA)—a revolutionary approach that fundamentally challenges decades of established cybersecurity thinking. Gone are the days…

Read more →

Apache Parquet in Data Warehousing Parquet files are becoming the de facto standard for columnar data storage in big data ecosystems. This file format is widely used by both sophisticated in-memory data processing frameworks like Apache Spark and more conventional…

Read more →

It’s hard to imagine the company managing its projects without issue-tracking tools. For example, Jira has probably become one of the most popular project management software solutions for organized teams. According to Atlassian, over 180k customers in about 190 countries…

Read more →

Multi-factor authentication (MFA) has become an essential tool for safeguarding sensitive systems. As businesses strive to comply with regulatory requirements, the integration of MFA into workflows is now standard practice. However, automating tests for MFA-enabled systems poses unique challenges for…

Read more →

A detailed website QA checklist helps make sure every aspect of the website is tested, whether through manual or automated testing approaches. It usually covers parameters like functionality, performance, usability, security, and compatibility across various browsers and devices. By following…

Read more →

As modern enterprises continue their journey toward cloud-native infrastructure, security and automation aren’t just nice to have; they’re absolutely essential. Particularly in regulated industries like finance, government, and healthcare, there’s a growing need to deploy Infrastructure as Code (IaC) within…

Read more →

In the world of Linux system administration and software development, understanding how executables interact with shared libraries is crucial. Enter ldd (List Dynamic Dependencies), a powerful command-line utility that helps you peer into the complex web of library dependencies that…

Read more →

We’re amidst a paradigm shift in society where many product verticals are being reimagined through an ‘AI-first’ architecture. An AI-first architecture is one where much of the core business logic is driven by AI, and the product is architected to…

Read more →

During the software development, builders face challenges between building a better product faster versus dealing with various responsibilities that come with software development. Getting security right is one of them. Due to the increased cyber attacks, organizations started focusing on…

Read more →

In 2023, a generative AI-powered chatbot for a financial firm mistakenly gave investment advice that violated compliance regulations, triggering regulatory scrutiny. Around the same time, an AI-powered medical summary tool misrepresented patient conditions, raising serious ethical concerns. As businesses rapidly…

Read more →

The 2024 IBM Cost of a Data Breach Report found that data breaches cost organizations an average of $4.88 million per incident globally. Many of these breaches were caused by accidental or intentional mishandling of sensitive information. As businesses rely…

Read more →

API security is crucial, as it directly impacts your business’s success and safety. How well you secure your APIs can make or mar your product, and it is of utmost importance to spend time thinking about security. I have seen…

Read more →

Amazon Web Services Web Application Firewall (AWS WAF) protects web programs against widespread vulnerabilities including SQL injection and cross-scriptability. Amazon Web Services WAFV2, a new WAF Classic service, introduces with it increased agility, elasticity, and operational efficiency.  In this article,…

Read more →

In this article, we will explore how DevSecOps transforms security in multi-cloud ecosystems. Starting with the DevSecOps phase, we will delve into how multi-cloud environments can be implemented effectively and safely. Additionally, we will examine the most significant challenges associated…

Read more →

Automation has become the cornerstone of modern IT operations, enabling organizations to streamline processes, reduce manual errors, and improve efficiency. However, as automation grows in complexity and scale, security risks also increase. Misconfigured infrastructure, untested playbooks, and vulnerabilities in automation…

Read more →

As development cycles speed up, integrating security into the CI/CD pipeline is essential to embed security checks early and throughout the process to prevent vulnerabilities from creeping into production. This article delves deeper into the technical details, code examples, and…

Read more →

Editor’s Note: The following is an article written for and published in DZone’s 2025 Trend Report, Generative AI: The Democratization of Intelligent Systems. Generative AI (GenAI) is transforming how organizations operate, enabling automation, content generation, and intelligent decision making at an…

Read more →

Introduction Note: You can download the source from GitHub. I’ve been working on multi-tenant applications in the .NET ecosystem for quite a while, and one of the toughest challenges I consistently run into is secure tenant isolation — especially when…

Read more →

I think we need to be realistic when we talk about AI’s role in software development. It’s not “hit a button and generate code.” For me, it’s best positioned to maximize efficiency. It’s not just a tool for getting rid…

Read more →

In a closely connected world, the Internet of Things (IoT) is already a familiar brand for people. However, the use of such many devices is likely to increase the risk of attack. This is why good patch management is so important.…

Read more →

Multidomain integration is becoming a cornerstone of modern software development, bridging technologies like blockchain, biotech, and consumer applications. These cross-domain projects are no longer optional — they are the future of innovation. However, combining such diverse systems presents unique challenges. …

Read more →

One of the biggest problems in digital product development today is the failure to collaborate with InfoSec or DevSecOps teams. Unfortunately, threats are ubiquitous and increasingly sophisticated. But did you know that there is a way to reduce the time…

Read more →

Secure file transfer (SFT) has become one of the most crucial technologies in the modern Information technology (IT) landscape for ensuring data security and confidentiality. SFT is a hot topic in today’s world, especially when decisions are being made based…

Read more →

It is exciting how different disciplines can be merged to make the processes more efficient. In 2009, DevOps was coined to address the friction between the Development and Operations teams. As a result, the industry moved towards clubbing both teams…

Read more →

Speed matters in cybersecurity. Responding to a potential threat in seconds rather than minutes can be the difference between a thwarted attack and a realized one. The problem is that human analysts — however capable they may be — often…

Read more →

API development should be about solving business problems, not repeating the same tedious tasks over and over again. Yet, for many developers, API creation is still bogged down by inefficiencies — from writing boilerplate code to manually managing integrations, security,…

Read more →

Security is a critical concern in mobile app development, especially with the rise of data breaches and cyber threats. Docker, a platform for developing, shipping, and running applications in containers, offers several advantages that can enhance the security of mobile…

Read more →

kOps is a widely used tool for deploying and managing Kubernetes clusters in multi-cloud or hybrid cloud environments. It provides a unified configuration system (YAML or JSON), which lets you easily set up clusters across AWS, GCP, Azure, and on-premises…

Read more →

Supply chains are the backbone of global commerce, but they’re increasingly complex and vulnerable to disruptions. From pandemic-related shortages to geopolitical conflicts, recent events have exposed fundamental weaknesses in traditional supply chain management approaches.  As organizations seek more resilient and…

Read more →

Problem Statement With the rapid increase of online applications in industries such as finance, e-commerce, and social media, the frequency and sophistication of fraud attempts have surged. E-commerce apps face challenges like unauthorized transactions, fake bank account creation, and bot-driven…

Read more →

Modern organizations that work in data-centric settings must place a premium on compliance and data security. Rules and regulations such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) clearly specify practices that ought to…

Read more →

Software development is on the cusp of major transformations, driven by new technologies and an ever-growing demand for faster, more efficient, and scalable systems. For developers and leaders in software engineering, staying ahead of these trends will be essential to…

Read more →

AI is the potential ally of the common people because it becomes an integral part of our daily lives. From personalized shopping suggestions to curated music playlists, along with other AI systems, they continuously accentuate our adventures.  Nevertheless, as these…

Read more →

As Kubernetes adoption grows in cloud-native environments, securely managing AWS IAM roles within Kubernetes clusters has become a critical aspect of infrastructure management. KIAM and AWS IAM Roles for Service Accounts (IRSA) are two popular approaches to handling this requirement. …

Read more →

Who Should Own IAM in the Enterprise? Identity and access management (IAM) started as an IT function, with the entire focus on giving human users the right access to the right systems. But today, identity has become the primary attack…

Read more →

Escalating data breach risks and intensifying regulatory guidelines have put organizations’ readiness for privacy protection into the spotlight. Until now, obscuring data sets via different methods of masking has been the anchor, but rising uncertainty around the nature of attacks…

Read more →

Psychological safety isn’t about fluffy “niceness” — it is the foundation of agile teams that innovate, adapt, and deliver. When teams fearlessly debate ideas, admit mistakes, challenge norms, and find ways to make progress, they can outperform most competitors. Yet,…

Read more →

Threat modeling is often perceived as an intimidating exercise reserved for security experts. However, this perception is misleading. Threat modeling is designed to help envision a system or application from an attacker’s perspective. Developers can also adopt this approach to…

Read more →

Hey there! I’m Rocky, the face behind CodeLivly, where I share all things tech, code, and innovation. Today, I want to talk about something super important for anyone diving into the world of DevOps: networking. Networking might sound a bit…

Read more →

In the era of artificial intelligence, the use of large language models (LLMs) is increasing rapidly. These models offer amazing opportunities but also introduce new privacy and security challenges. One of the essential security measures to address these challenges involves…

Read more →

Companies are now turning to data as one of the most important assets in their businesses, and data engineers are in the midst of managing and improving this asset and its effectiveness. In addition, the integration of data engineering with…

Read more →

Amazon Aurora PostgreSQL-compatible edition major version 12.x and Amazon RDS for PostgreSQL 12 reach the end of standard support on February 28, 2025. Higher database versions introduce new features, enhancing operational efficiency and cost-effectiveness.  Identifying qualified databases and upgrading them…

Read more →

The improvement of artificial brainpower (artificial intelligence) has improved many fields, including digital protection. Notwithstanding, this mechanical improvement is a two-sided deal. While computerized reasoning brings many advantages, it also empowers cybercriminals to send off progressively complex and disastrous assaults. …

Read more →

It is not a coincidence that non-human identities (NHIs) have come into focus recently while AI-powered tools and autonomous agents are rapidly being adopted. In fact, this is partially what is driving the explosion of NHIs in the enterprise. This…

Read more →

Safeguarding critical infrastructure from ransomware has become a critical issue in today’s interconnected world. Regions, for instance, power clinical benefits and government face extending perils that could disturb supplies, impact fragile data, and cause essential financial and reputational hurt.  Ransomware…

Read more →