What Is SIEM? SIEM stands for Security Information and Event Management. It is a software solution that provides real-time analysis of security alerts generated by network hardware and applications. SIEM collects log data from multiple sources such as network devices,…
Category: DZone Security Zone
4 Best dApp Frameworks for First-Time Ethereum Developers
Ethereum has experienced dazzling growth in recent years. According to YCharts, the programmable blockchain now has approximately 220 million unique addresses. Linked to the increase in users is an explosion in the number of dApps. Global companies and startups across…
Stop Using Spring Profiles Per Environment
Lately, I’ve come across a lot of discussions and articles about Spring’s feature called Profiles that are promoting them as a way to separate environment-specific configurations, which I consider a bad practice. Common Examples The typical way profiles are presented…
mTLS Everywhere
Security in one’s information system has always been among the most critical non-functional requirements. Transport Layer Security, aka TLS and formerly SSL, is among its many pillars. In this post, I’ll show how to configure TLS for the Apache APISIX…
Converting String to Enum at the Cost of 50 GB: CVE-2020-36620
In this article, we’re going to discuss the CVE-2020-36620 vulnerability and see how a NuGet package for converting string to enum can make a C# application vulnerable to DoS attacks. Imagine a server application that interacts with a user. In…
Why Continuous Monitoring of AWS Logs Is Critical To Secure Customer and Business-Specific Data
The Current State of AWS Log Management Security professionals have used log data to detect cyber threats for many years. It was in the late 1990s when organizations first started to use Syslog data to detect attacks by identifying and…
What Are the Benefits of Java Module With Example
The Java 9 release in 2017 saw the introduction of the Java Module System. This module system was developed directly for the Java language and is not to be confused with module systems such as IntelliJ Idea or Maven. The…
What Are the Different Types of API Testing?
Users expect to be able to use apps across devices and browsers. As a result, you must conduct the different types of API testing thoroughly to understand how well an app works and whether it can perform its primary functions. Some testers need…
What Is Pen Testing?
Penetration testing, also known as pen testing, is the process of testing a computer system, network, or web application to find vulnerabilities and weaknesses that hackers can exploit. The goal of a penetration test is to identify and report vulnerabilities…
The Role of Identity Detection and Response (IDR) in Safeguarding Government Networks
While government agencies always put their best foot forward in offering seamless and secure customer services to their citizens, several employees, resources, and third-party contractors share a lot of sensitive information. And here’s where the risk of data theft increases…
Cachet 2.4: Code Execution via Laravel Configuration Injection
Status pages are now an essential service offered by all Software-as-a-Service companies. To help their adoption, startups quickly conceived status pages as-a-service, and open-source self-hosted alternatives were made available. Cachet, also sometimes referred to as CachetHQ, is a broadly adopted…
Solving the Kubernetes Security Puzzle
The benefits of adopting cloud-native practices have been talked about by industry professionals ad nauseam, with everyone extolling its ability to lower costs, easily scale, and fuel innovation like never before. Easier said than done.…
OpenVPN With Radius and Multi-Factor Authentication
Setting up a VPN server to allow remote connections can be challenging if you set this up for the first time. In this post, I will guide you through the steps to set up your own VPN Server and connect…
19 Most Common OpenSSL Commands for 2023
What Is OpenSSL Command? OpenSSL is an open-source-based implementation of the SSL protocol, with versions available for Windows, Linux, and Mac OS X. It is a highly versatile tool used to create CSRs (Certificate Signing Requests) and Private Keys as…
Public Key and Private Key Pairs: Know the Technical Difference
In public key cryptography, the combination of private and public keys is considered the primary component. Both the keys come in pairs. So a public or private key will only function with the associated public or private key. It means…
A Guide to Understanding XDR Security Systems
XDR is a security system that has been designed to collect, correlate and contextualize alerts from a range of different solutions across servers, applications, networks, endpoints, cloud workloads, and other areas. It incorporates SaaS-based, cloud-native technology. What Is XDR? XDR…
How Data Scientists Can Follow Quality Assurance Best Practices
The world runs on data. Data scientists organize and make sense of a barrage of information, synthesizing and translating it so people can understand it. They drive the innovation and decision-making process for many organizations. But the quality of the…
Getting a Private SSL Certificate Free of Cost
If you work on any software deployment project, you deploy code to multiple environments and test it. You test the site with HTTP, not HTTPS. Why? You need an SSL certificate for it. Getting a certificate for a lower environment could…
DeveloperWeek 2023: The Enterprise Community Sharing Security Best Practices
For the first time since 2019, the “world’s largest developer and engineering expo” was back in person, this time in Oakland in February: DeveloperWeek 2023! Approximately 2000 attendees, speakers, and exhibitors got together face to face to meet and talk…
AWS IP Address Management
In a recent project, I worked with a client who was managing over 100 accounts and recently adopted AWS Control Tower. Despite this, I noticed that the management of CIDR ranges was still a manual process and all IP ranges…
Use After Free: An IoT Security Issue Modern Workplaces Encounter Unwittingly
Workstations, laptops, and smartphones are no longer the only web-enabled electronic devices in workplaces. The rise of wearables and the Internet of Things has added more gadgets that connect to the internet at home. This has created more conveniences but…
5 Common Firewall Misconfigurations and How to Address Them
Cybersecurity experts are always learning the latest methods criminals are using to break into networks and steal data — but sometimes the criminals don’t need nefarious solutions. Especially not when people take an average of 277 days to recognize a…
Container Security: Don’t Let Your Guard Down
Developers and DevOps teams have embraced the use of containers for application development and deployment. They offer a lightweight and scalable solution to package software applications. The popularity of containerization is due to its apparent benefits, but it has also…
How To Use Artificial Intelligence to Ensure Better Security
The advancement in disruptive technologies has given rise to a plethora of opportunities for miscreants to fuel cyber sabotage and data integrity risk. The proliferation of cloud-based technologies has accelerated the process of data exchange and sharing—data is more easily…
Don’t Rely Solely on Privileged Access Management (PAM) To Secure Your Accounts
Imagine burglars have stolen the keys to your home, which they then use to get inside and take whatever they want without being detected. A privileged account access breach is a bit like this. Cybercriminals can gain access to a…
A Complete Guide on ERR_SSL_PROTOCOL_ERROR
What Does ERR_SSL_PROTOCOL_ERROR Mean? ERR_SSL_PROTOCOL_ERROR is an error message that Chrome shows when a website has a problem with the SSL/TLS certificate. SSL/TLS is the protocol that encrypts data between your browser and the web server, and it’s essential for…
DevSecOps: The Future of Secure Software Development
As a software developer with over a decade of experience, I’ve witnessed firsthand the evolution of software development practices. One such practice that has gained significant traction in recent years is DevSecOps. In my opinion, DevSecOps is a necessary evolution…
JWT Authentication and Authorization: A Detailed Introduction
In this article, we will discuss authentication and authorization using the JWT token and different cryptographic algorithms and techniques. So, we will be looking at the following things one by one: Introduction of JWT Token Why JWT Token? Structure of…
How to Engineer Your Technical Debt Response
The Southwest Airlines fiasco from December 2022 and the FAA Notam database fiasco from January 2023 had one thing in common: their respective root causes were mired in technical debt. At its most basic, technical debt represents some kind of…
Using Blockchain Tech to Optimize the Supply Chain
The blockchain space has gained considerable momentum over the past few years. Cryptocurrency remains this technology’s most widely recognized use case, but new applications and benefits emerge as it grows. For example, supply chain optimization is one less glamorous but…
Guarding Against Threats: Examining the Strengths and Applications of Modern Security Models
In the world of computing, security plays a crucial role in safeguarding resources. Over the past decade, various security models have been created to ensure the confidentiality, integrity, and availability of information. They present methods that organizations can adopt to…
Untold Benefits of Application Modernization
Application modernization has become a hot topic in recent years as organizations strive to improve their systems and stay ahead of the competition. From improved user experience to reduced costs and increased efficiency, there are many reasons companies consider modernizing…
Supply Chain Security: What Is SLSA? Part I
Quick Introduction to the Software Supply Chain Recently, “software supply chain attack” has been breaking all the news headlines. One infamous example is the SolarWinds attack or the 2020 United States federal government data breach. In fact, according to a…
RSA Algorithm: A Trusted Method for Encrypting and Securing Data
The RSA algorithm is a commonly used method for secure data transmission in the field of cryptography. It is a type of public-key encryption, which means that it uses two different keys for the encryption and decryption process: a public…
Authenticate With OpenID Connect and Apache APISIX
Lots of companies are eager to provide their identity provider: Twitter, Facebook, Google, etc. For smaller businesses, not having to manage identities is a benefit. However, we want to avoid being locked into one provider. In this post, I want…
Solving the Enduring Pain of Authorization With Aserto’s Co-Founder and CEO, Omri Gazitt
Whether you’re at a startup, enterprise, or something in between, authorization and access control are likely major pain points for your team. This week on Dev Interrupted, we talk to Omri Gazitt, co-founder and CEO of Aserto. Omri joins us…
AWS Multi-Account Strategy and Landing Zone
AWS multi-account strategy is a powerful method of managing multiple AWS accounts within an organization. It is designed to help organizations scale and manage their cloud infrastructure more effectively while maintaining security and compliance. In this article, we will explore…
Can I Code Without My Laptop
Learning Adaptability A few weeks ago, my laptop crashed during a meeting. It was painful as I was about to start on an exciting new feature that my Product Owner (PO) had just proposed. I immediately rushed to the IT…
Dependency Injection and Ways to Inject It Using .NET Core API
In this article, we are going to discuss dependency injection and its usage and benefits. We will also discuss different ways to implement dependency injection. Prerequisites Basic understanding of the C# programming language. Understanding of Object-Oriented programming. Basic understanding of…
OWASP Kubernetes Top 10
One of the biggest concerns when using Kubernetes is whether we are complying with the security posture and taking into account all possible threats. For this reason, OWASP has created the OWASP Kubernetes Top 10, which helps identify the most…
Secure APIs: Best Practices and Measures
An API (Application Programming Interface) acts as an intermediary between two distinct software applications, enabling seamless communication and data exchange. By providing a standardized interface, APIs offer developers the ability to access specific functionalities or data from another software application…
5 Ways to Secure a Virtual Machine in Cloud Computing
Organizations worldwide store 60% of their data in the cloud. The popularity of cloud computing will be undisputed in 2023 and is predicted to grow in future years. The main benefits of using cloud storage and computing services to run…
Product Security (DevSecOps Practices)
What Is Product Security? Product Security is a process within the Cybersecurity function which aims to deliver a secure product, which includes the organization’s Web applications, Web services, Mobile applications, or any hardware manufactured. This focuses on considering security at…
Understanding and Resolving a Common Error
If you have ever encountered the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error, you may have been puzzled by what it means and how to fix it. In this post, we will explain what causes this error and provide some tips on how to resolve…
Building a Certificate Authority (CA) Server for Your Servers and Applications Free of Cost
In any organization, it is a best security practice to have an SSL certificate installed on servers, applications, and databases. To get an SSL certificate, the first step is to have or build a Certificate Authority (CA). SSL Certificates and…
How Artificial Intelligence Is Transforming Cybersecurity
As the use of artificial intelligence (AI) grows more widespread, it is finding its way into cybersecurity. According to research from Markets and Markets, global organizations are projected to spend $22.4 billion on AI solutions for cybersecurity this year. Usama…
Keep Your Application Secrets Secret
There is a common problem most backend developers face at least once in their careers: where should we store our secrets? It appears to be simple enough, we have a lot of services focusing on this very issue, we just…
Make Your Security Policy Auditable
Last week, I wrote about putting the right feature at the right place. I used rate limiting as an example, moving it from a library inside the application to the API Gateway. Today, I’ll use another example: authentication and authorization.…
What Is APIOps? And How to Be Successful at APIOps
Since the first introduction of the term DevOps, it seems that new “Ops”-related terms pop up as quickly as technology trends. For example: AIOps: Enhance and automate various IT processes with AI. MLOps: Develop, deploy, and manage machine learning.…
Please Pick a Number
On Randomness in Data Picking a random number might seem to be a no-brainer for us humans. We just close our eyes and say the first number that comes to our minds. But is this really the case for computers?…
Readability in the Test: Exploring the JUnitParams
Making the test readable and maintainable is a challenge for any software engineer. Sometimes, a test scope becomes even more significant when we need to create a complex object or receive information from other points, such as a database, web…
IAM Best Practices
IAM stands for “Identity and Access Management.” IAM provides answers to the fundamental question in DevOps: “Who can access what?” The roots of IAM go back to the early days of computing, where users of UNIX systems needed a username…
How To Handle Secrets in Python
We live in a world where applications are used to do everything, be it stock trading or booking a salon, but behind the scenes, the connectivity is done using secrets. Secrets, such as database passwords, API keys, tokens, etc., must…
Is Observability Replacing Testing?
Testing is a best-case scenario to validate the system’s correctness. But, it doesn’t predict the failure cases that may occur in production. Experienced engineering teams would tell you that production environments are not uniform and full of exciting deviations. The…
CloudNativeSecurityCon 2023: A Unique Community Event Focused On the Future of Open Source and Cloud Native Security
The 2023 conference season officially kicked off on February 1st in Seattle. Over 1000 attendees, speakers, and security tool vendors gathered in Seattle for CloudNativeSecurityCon, the first stand-alone, in-person event of its kind. Over the course of 2 days and over…
15 Best Practices on API Security for Developers
APIs (Application Programming Interfaces) are used to connect software applications, allowing them to share data and functionality. APIs are an essential part of modern software development, enabling developers to create more powerful and complex applications. However, APIs can also pose…
The Unsung Heroes of Open Source: The Dedicated Maintainers Behind Lesser-Known Projects
A few days ago, I read an article by the author of Core-js. To be honest, it was my first time hearing about Core-js. As someone who has written some front-end code and has been keeping up with open source…
The Impact of AI on Telecoms Fraud Protection Strategies
Telecoms fraud is a prevalent and ever-evolving issue that affects both business and individual customers in the telecommunications industry. It encompasses a range of fraudulent and abusive activities that can cause significant financial damage to companies and individuals alike. Ranging…
Zero Trust Distributed Computing With WebAssembly and WasmCloud
I recently gave a talk at CNCF Security Conference North America on the subject of zero-trust computing. In this post, I’ll provide an overview of the material from that talk, discussing how zero-trust computing is supported at the module, runtime,…
Login Flow With Google Identity Services and Firebase
Most apps have some sort of authentication. For this post, we will see how this flow works using Google’s One Tap sign-in, Firebase, and Amity. The tech stack we will be using is:…
Angular vs. React: Which JS Framework Is Better?
Where It Started: History of Angular and React Angular AngularJS was developed by Google (by Igor Minar, a former Google employee) as an open-source framework for developing Single Page Applications (SPA). Other companies such as Netflix, Microsoft, PayPal, and more…
The Future of Cybersecurity and How Artificial Intelligence Is Changing the Way
Artificial intelligence (AI) is transforming the way we live and work in many ways, and cybersecurity is no exception. As AI becomes more and more advanced and accessible, it is changing the way we protect our systems and data against Cyber…
How to Choose the Right Data Masking Tool for Your Organization
Data masking, as we know, obscures sensitive information by replacing it with realistic but fake values, making it suitable for use in testing, demonstrations, or analytics. It preserves the structure of the original data while altering its values through sophisticated…
Distributed Tracing: A Full Guide
What Is Distributed Tracing? The rise of microservices has enabled users to create distributed applications that consist of modular services rather than a single functional unit. This modularity makes testing and deployment easier while preventing a single point of failure…
Security Architecture Review on a SASE Solution
Vendor security assessments can be very complex, especially when it comes to analyzing modern solutions. Obsolete threat modeling principles and frameworks become extremely unreliable and tricky as complexity increases. Security analysis also becomes further intricate as it is not limited…
5 Challenges Every Engineering Manager Must Overcome
Transitioning to a managerial role can be hard. One day, you are developing and reviewing code. The next day, you are handling not just individuals but a multitude of teams, evolving into a people person and leading your squad toward…
How SecDevOps Adoption Can Help Save Costs in Software Development
Security in software development is a critical issue that is often addressed late in the software development process (SDLC). However, with the increasing demand for secure applications and systems, integrating security into all stages of the SDLC has become essential.…
What Is API-First?
API-First is an approach to software development that emphasizes designing and developing the API as the primary focus of development. This approach offers many benefits, including increased flexibility, reduced development time, increased reliability, and easier testing. By developing the API…
How to Obtain EV Code Signing Certificate for Azure?
Microsoft offers an Azure Key Vault, which is responsible for storing and managing secrets, keys, and certificates. All of them are present in a Hardware Security Module (HSM) that adheres to the standards of the industry. This suggests that “EV Code…
Configure Kubernetes Health Checks
Kubernetes is an open-source container orchestration platform that helps manage and deploy applications in a cloud environment. It is used to automate the deployment, scaling, and management of containerized applications. It is an efficient way to manage application health with…
DevSecOps: The Broken or Blurred Lines of Defense
With the modern patterns and practices of DevOps and DevSecOps, it’s not clear who the front-line owners are anymore. Today, most organizations’ internal audit processes have lots of toils and low efficacy. This is something John Willis, in his new…
Setting Up an SSL in a Spring Boot Application
This article will describe how to set up an SSL in a Spring Boot application. Almost all articles recommend you create a Keystore file using the Java key tool, and it still could make sense, but something new came up. This…
Integrating AWS Secrets Manager With Spring Boot
In a microservices architecture, it’s common to have multiple services that need access to sensitive information, such as API keys, passwords, or certificates. Storing this sensitive information in code or configuration files is not secure because it’s easy for attackers…
Understanding Static Code Analysis
Static code analysis is a method of debugging that involves reviewing source code prior to running a program. It is accomplished by comparing a set of code against one set or several sets of coding rules. Static code analysis is…
Dynatrace Perform: Day One
I attended Dynatrace Perform 2023. This was my sixth “Perform User Conference,” but the first over the last three years. Rick McConnell, CEO of Dynatrace, kicked off the event by sharing his thoughts on the company’s momentum and vision. The…
HTTP 1 vs. HTTP 1.1 vs. HTTP 2: A Detailed Analysis
HTTP 1 vs. HTTP 1.1 vs. HTTP 2: Key Differences Between the Three HTTP Versions Comparisons are common, and the cybersecurity world is no different. One such technology is the hypertext transfer protocol (HTTP). This is why there is…
Hybrid File Integration on AWS, Technical Debt, and Solution Approach
Introduction As we move/migrate applications from on-prem to the cloud, some of the key architecture decisions regarding hybrid integration are with reference to FileShare between the cloud and on-prem systems/users. When a part of the ecosystem goes to the cloud,…
Deploy a Nodejs App to AWS in an EC2 Server
There are multiple ways you can deploy your Nodejs app, be it On-Cloud or On-Premises. However, it is not just about deploying your application, but deploying it correctly. Security is also an important aspect that must not be ignored, and…
A Guide to Implementing Passwordless Login
Passwordless authentication is becoming an increasingly popular choice for developers. Even notable names like Slack, Notion, and PayPal are all transitioning to SMS, email, or social logins for their authentication. A driving factor for its increasing adoption is that it’s…
Exploring the Architecture of Amazon SQS
What Is Amazon SQS? Amazon SQS (Simple Queue Service) is a message queue service that enables application components to communicate with each other by exchanging messages. This is widely used to build event-driven systems or decouple services on AWS. Features…
Angular vs. React: What To Choose for Your Blockchain App?
Innovative technologies are rapidly evolving, and blockchain is one such out-of-the-box invention. It helps users to transact securely and safely. Hence, the demand for blockchain application development is increasing. And this is when the app development frameworks come into play.…
Top 10 Practices for Secure Software Development
Because of the increasing number of cyberattacks, security has become an integral element of SDLC (Software Development Lifecycle). Secure software development is a requirement to protect software from cybercriminals and hackers, minimize any vulnerabilities, and maintain users’ privacy. In this…
Web Components: Everything You Need to Know
Currently, and for quite a while now, most developments are done under the umbrella of a framework. If we focus on the front end and JavaScript, we can find dozens of frameworks. It is challenging to reuse graphical interface elements…
How To Run a Docker Container on the Cloud: Top 5 CaaS Solutions
In the past few years, there has been a growing number of organizations and developers joining the Docker journey. Containerization simplifies the software development process because it eliminates dealing with dependencies and working with specific hardware. Nonetheless, the biggest advantage…
Auto Remediation of GuardDuty Findings for a Compromised ECS Cluster in AWSVPC Network Mode
Summary It is of utmost importance for enterprises to protect their IT workloads, running either on AWS or other clouds, against a broad range of malware (including computer viruses, worms, spyware, botnet software, ransomware, etc.). AWS GuardDuty Malware Protection service…
GKE Cluster Optimization: 14 Tactics for a Smoother K8s Deployment
Most engineers don’t want to spend more time than necessary to keep their clusters highly available, secure, and cost-efficient. How do you make sure your Google Kubernetes engine cluster is ready for the storms ahead? Here are fourteen optimization tactics…
Mobile App Development Trends and Best Practices
Introduction Mobile app development is an evolving field, with new trends and technologies emerging every year. In other words, it’s rapidly changing and evolving and taking a key role. In recent years, there has been a significant increase in the…
What Is an IoT Gateway? Is It Important?
An IoT (Internet of Things) gateway is a device that acts as a bridge between connected IoT devices and other networks, such as the Internet. It provides a centralized platform for managing and processing data from multiple IoT devices and…
Open Policy Agent With Kubernetes: Part 2
In my previous articles, we discussed what Policy-as-Code is, why we need it, and how to use the Open Policy Agent (OPA) tool. If you haven’t read the introduction yet, please take some time to read it first here. Following…
Open Policy Agent With Kubernetes: Part 1
As Kubernetes has become the de-facto platform to orchestrate containerized workloads, more users have begun to look for ways to control and secure their Kubernetes clusters. Hardening is a thing for sure, but what about enforcing policies inside a cluster?…
Common Challenges in Digital Experience Testing and How to Overcome Them
Testing your digital platforms as part of a digital experience program is a vital element of ensuring that your customers have a seamless and user-friendly experience as they interact with your digital platforms. Of course, as with any other aspect…
Thwarting the Theft of Resource Credentials
Cyberattacks targeting resource credentials such as session tokens are on the rise. Recent high-profile cases such as the source code leaks of Slack’s GitHub repositories in January 2023, CircleCI in January 2023, and before that, GitHub accounts in April 2022…
Reducing Security Incidents: Implementing Docker Image Security Scanner
Are you utilizing Docker to deploy your applications? If so, you’re not alone. The use of Docker has skyrocketed in popularity in recent years. While it offers numerous benefits, it also introduces new security risks that need to be addressed.…
Java Serialization Filtering — Prevent 0-Day Security Vulnerabilities
I’ve been a Java developer long enough to remember the excitement when Sun introduced the concept of serialization in the JVM. In the world of C, we could just write a struct into a file, but this was always problematic.…
How Backdoor Attacks Facilitate Data Poisoning in Machine Learning
AI is catapulting every sector into innovation and efficiency as machine learning provides invaluable insights humans never previously conceived. However, because AI adoption is widespread, threat actors see opportunities to manipulate data sets to their advantage. Data poisoning is a…
What’s DevOps, SRE, Shift Left, and Shift Right?
I had the opportunity to catch up with Andi Grabner, DevOps Activist at Dynatrace, during day two of Dynatrace Perform. I’ve known Andi for seven years, and he’s one of the people that has helped me understand DevOps since I…
Spring Cloud: How To Deal With Microservice Configuration (Part 2)
In the first part of this article, we have seen how to set up a simple scenario with a Spring Cloud Config server and the client counterpart. The server was set with a native profile, and the configuration was stored in…
Data Governance Is Ineffective Without Automation
Data governance is one of the most important undertakings for businesses today. Regulations like the GDPR and CCPA require organizations to have thorough insight and control over their data, and the costs of poor-quality information keep climbing. An effective governance…
7 Benefits of Cloud Automation for Streamlined IT Operations
Cloud automation refers to the process of using technology to automate the deployment, management, and scaling of applications and infrastructure in a cloud computing environment. This can include tasks such as provisioning and configuring virtual machines, managing storage and networking…