It is often assumed that encryption is the gold standard method for securing assets in the cloud. Cloud providers give assurances that all their services are “encrypted by default.” Several regulatory and cloud compliance policies mandate that organizations encrypt data…
Category: DZone Security Zone
Beyond Extensions: Architectural Deep-Dives into File Upload Security
Allowing users to upload files is a staple of modern web applications, from profile pictures to enterprise document management. However, for a security engineer or backend developer, an upload field is essentially an open invitation for an attacker to place…
From Code to Runtime: How AI Is Bridging the SAST–DAST Gap
Let’s start with two pillars that modern application security teams rely on: Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST). SAST is a method in which source code is analyzed early in the application development lifecycle to…
Secure Log Tokenization Using Aho–Corasick and Spring
Modern microservices, payment engines, and event-driven systems are generating massive volumes of logs every second. These logs are critical for debugging, monitoring, observability, and compliance audits. But there is an increasing and hazardous problem: Sensitive data — things like credit…
The Hidden Security Risks in ETL/ELT Pipelines for LLM-Enabled Organizations
As organizations integrate large language models (LLMs) into analytics, automation, and internal tools, a subtle yet serious shift is occurring within their data platforms. ETL and ELT pipelines that were originally designed for reporting and aggregation are now feeding models…
BYOLM with Spring AI & MCP: Secure, Swappable AI Everywhere
Introduction Artificial intelligence has rapidly moved from research labs into everyday tools. Yet, most users remain locked into vendor‑controlled ecosystems, where the choice of language model (LM) is dictated by the provider. This creates friction for developers, educators, and organizations…
Securing Verifiable Credentials With DPoP: A Spring Boot Implementation
In my previous article, I demonstrated how to implement OIDC4VCI (credential issuance) and OIDC4VP (credential presentation) using Spring Boot and an Android wallet. This follow-up focuses on a critical security enhancement now mandated by EUDI standards: DPoP (Demonstrating Proof-of-Possession). The…
5 Challenges and Solutions in Mobile App Testing
Testing is one of the final stages of mobile app development before you’re ready for launch. The finish line may seem close, but it might not be. If you encounter mobile app testing challenges unprepared, you may have to push…
Security and Governance Patterns for Your Conversational AI
How many times have we heard people talk about the “dream of a SOC copilot?” A copilot would allow an analyst to type something like, “Show me all the SSH login attempts for 10.0.0.5 over the last hour and compare…
Avoid BigQuery SQL Injection in Go With saferbq
You can build dynamic queries in BigQuery using the Go SDK. When building applications that allow users to select tables or datasets dynamically, you need to include those identifiers in your SQL queries. I was surprised to find that the…
DevSecOps as a Strategic Imperative for Modern DevOps
If you do not take security seriously, you are just begging for trouble. Security should be an integral part of your development process, not something that you add at the end. Patches and updates do not suffice to deter severe…
Why the Future Is Increasingly Pointing Toward Multi-Cloud Strategies
It is not surprising that the explosion in cloud technology over the last several decades has brought about a transformational shift across industries. Organizations are relying more than ever on multiple vendors for their cloud deployments — rather than relying…
Shift-Left Strategies for Cloud-Native and Serverless Architectures
The growth observed in modern-day cloud applications is staggering to say the least. Applications are being built faster and deployed at a faster pace. However, there can be several obstacles on this journey toward proactive security, as security and compliance…
The Architect’s Guide to Logging
Every developer and architect thinks they understand logging until they’re staring at a production issue at 3:00 a.m. Realizing that their logs lack context, have no defined structure, and they’re sifting through a wall of text, desperately looking for that…
Penetration Testing Strategy: How to Make Your Tests Practical, Repeatable, and Risk-Reducing
Penetration testing — “pentesting” — still surprises teams. Some treat it as a checkbox before launch; others expect it to magically find every vulnerability. The truth sits in the middle: a well-planned penetration testing strategy turns a point-in-time assessment into…
Blockchain + AI Integration: The Architecture Nobody’s Talking About
Walk into any tech conference today, and you’ll hear buzzwords flying: AI this, blockchain that. But ask anyone about the actual architecture required to integrate these technologies, and you’ll mostly get hand-waving. That’s because while everyone talks about the potential…
A Practical Guide to Blocking Cyber Threats
As cyberthreats dominate the news headlines day after day, it is important for large multinational organizations and nonprofits to take immediate notice of such events. Nonprofits often work under stark resource constraints, such as minimal IT staff and limited access…
Phantom APIs: The Security Nightmare Hiding in Your AI-Generated Code
The call came at 2:47 AM on a Tuesday in October 2024. I’d been following API security incidents for fifteen years, but this one made my coffee go cold as the CISO walked me through what happened. Their fintech had…
Defect Report in Software Testing: Best Practices for QA and Developers
Defects are an unavoidable part of software development. But when they slip into production and reach your customers, the consequences go beyond poor user experience — they can damage your brand’s credibility. That’s why every defect must be logged and…
Fortifying Cloud Security Operations with AI-Driven Threat Detection
With the rapid adoption of cloud technologies, organizations are rushing to migrate their workloads and data to the cloud — often at a breakneck pace. Cyber hackers are not far behind in this race. On-premises systems are no longer the…