For a long time, I thought I had password hashing figured out. Like many Java developers, I relied on bcrypt, mostly because it’s the default choice in Spring Security. It was easy to use, widely recommended, and treated in tutorials…
Category: DZone Security Zone
Automating the DFIR Triage Loop With Memory Forensics and LLMs
Most modern security operations centers (SOCs) face a problem of speed and volume of data collection. While collecting data is no longer the issue in many cases, analyzing it is — especially during high-priority incidents. To collect forensic evidence in…
Quantum-Safe Trading Systems: Preparing Risk Engines for the Post-Quantum Threat
The Coming Break in Trust Picture this: a structured BRL-USD note is booked and hedged in 2025, stitched across FX triggers, callable steps, and a sovereign curve that looks stable enough to lull even the cautious. Trade capture is clean,…
Scaling Enterprise RPA With Secure Automation and Robust Governance
Enterprise RPA has matured from “task bots” into a core capability for automating business processes at scale across several domains, including finance operations, customer onboarding, supply chain workflows, HR shared services, and regulated back-office functions. The challenge is no longer…
Golden Paths for AI Workloads – Standardizing Deployment, Observability, and Trust
As AI workloads mature from experimental prototypes into business-critical systems, organizations are discovering a familiar problem: inconsistency at scale. Each team deploys models differently, observability varies widely, and operational maturity depends heavily on individual expertise. This is where Golden Paths…
Information Security Outsourcing 2.0: Balancing Control, Cost, and Capability
Information security outsourcing involves transferring part or all of an organization’s cybersecurity and IT infrastructure protection responsibilities to external experts. This approach allows companies to reduce the costs associated with maintaining an in-house Security Operations Center (SOC) and dedicated staff, gain access…
The AI Firewall: Using Local Small Language Models (SLMs) to Scrub PII Before Cloud Processing
As organizations increasingly rely on powerful cloud-based AI services like GPT-4, Claude, and Gemini for sophisticated text analysis, summarization, and generation tasks, a critical security concern emerges: what happens to sensitive data when it’s sent to external AI providers? Personal…
Secure Multi-Tenant GPU-as-a-Service on Kubernetes: Architecture, Isolation, and Reliability at Scale
GPUs are a core feature of modern cloud platforms, used to support a wide range of machine learning training, inference, analytics, and simulation workloads. To support this diverse demand, GPUs can no longer be dedicated to a single team or…
The Real Cost of DevOps Backup Scripts
Organizations rely on different methods for data backup, depending on factors such as data criticality. There are several options, ranging from DIY scripts to third-party backup vendors. The effectiveness of these approaches depends on how well they protect data and…
The Self-Healing Directory: Architecting AI-Driven Security for Active Directory
For over two decades, Active Directory (AD) has been the “central nervous system” of enterprise IT. It manages who gets in, what they can access, and when. Because of this centrality, it is the single most valuable target for an…
Architecting Immutable Data Integrity with Amazon QLDB and Blockchain
In the current landscape of ransomware and sophisticated SQL injection attacks, standard database security is no longer sufficient. We rely heavily on cryptographic hashes (such as SHA-256) to verify data integrity. The logic is simple: if the hash changes, the…
How to Verify Domain Ownership: A Technical Deep Dive
Domain ownership verification is a fundamental security mechanism that proves you control a specific domain. Whether you’re setting up email authentication, SSL certificates, or integrating third-party services, understanding domain verification methods is essential for modern web development. In this article,…
Modern Vulnerability Detection: Using GNNs to Find Subtle Bugs
For over 20 years, static application security testing (SAST) has been the foundation of secure coding. However, beneath the surface, many legacy SAST tools still operate using basic techniques such as regular expressions and lexical pattern matching; essentially, sophisticated versions…
Designing Irreversible Security Release at Hyper-Scale: Lessons Learned From Things You Can’t Undo
What Makes a Change Irreversible? Reverting a line of code is easy, and most of the time, firmware is backward-compatible. But what if a piece of hardware is specifically designed not to take older firmware, and the only option is…
AI-Powered DevSecOps: Automating Security with Machine Learning Tools
The VP of Engineering at a mid-sized SaaS company told me something last month that stuck with me. His team had grown their codebase by 340% in two years, but headcount in security had increased by exactly one person. “We’re…
Zero Trust for Agents: Implementing Context Lineage in the Enterprise Data Mesh
Challenge: When Agentic Bots Become Primary Data Reader In large data platforms, AI agents now execute more data queries than human users. For teams that are running thousands of internal services, it is very common to have hundreds or thousands…
Prompt Injection Is the New SQL Injection: How Hackers Are Breaking into AI Systems
Why Prompt Injection Is the New Surface Attack and So Difficult by Design In December 2023, a Chevrolet dealership made headlines when users coaxed its ChatGPT-powered chatbot into “agreeing” to sell cars for $1. Just months earlier, in February, Microsoft’s…
HAIP 1.0 for Verifiable Presentations: Securing the VP Flow
In my previous article, I covered DPoP for securing the credential issuance (VCI) flow. This follow-up focuses on the Verifiable Presentation (VP) flow, in which a wallet presents credentials to a verifier. The VP Security Challenge Before HAIP, VP flows…
Secure AI Architecture for Payments: From Risk Signals to Real-Time Decisions
Most users tap Pay on Android and assume it’s simple. Behind that one tap, your app is juggling PCI rules, device security, fraud checks, and 3DS — usually inside a tight latency budget measured in hundreds of milliseconds. If all…
Securing AI/ML Workloads in the Cloud: Integrating DevSecOps with MLOps
The security engineer’s face went pale when she pulled up the access logs. Her team had deployed a fraud detection model to production three weeks earlier — standard stuff, containerized inference running on Kubernetes. Except someone had been quietly exfiltrating…