Category: DZone Security Zone

“Never trust, always verify.” This key principle has been ingrained into the cybersecurity lexicon since Forrester first popularized the concept of zero trust in 2009. Since then, zero trust has emerged as one of the most important frameworks in modern…

Read more →

In this tutorial, we’ll explore implementing a second-level cache in Hibernate using NCache. We’ll set up a Java application with Hibernate. Then we’ll configure NCache as the second-level cache. Finally, we’ll test the implementation to see how caching reduces the…

Read more →

It is common for microservice systems to run more than one instance of each service. This is needed to enforce resiliency. It is therefore important to distribute the load between those instances. The component that does this is the load…

Read more →

The venerable Raspberry Pi has been around for over a decade (officially created in 2009) and it has become a standard in many robotics, home automation, and other types of uses, especially for “makers” and other tinkerers. But it has…

Read more →

The venerable Raspberry Pi has been around for over a decade (officially created in 2009) and it has become a standard in many robotics, home automation, and other types of uses, especially for “makers” and other tinkerers. But it has…

Read more →

When we talk about security in cloud-native applications, broken access control remains one of the most dangerous vulnerabilities. The OWASP Top 10 lists it as the most prevalent security risk today, and for good reason: the impact of mismanaged permissions…

Read more →

In environments with AWS Cloud workloads, a proactive approach to vulnerability management involves shifting from traditional patching to regularly deploying updated Secure Golden Images. This approach is well-suited to a modern Continuous Integration and Continuous Delivery (CI/CD) environment, where the…

Read more →

AI-powered code completion tools like GitHub Copilot, co-developed by GitHub and OpenAI, likely need no introduction. Developers are rapidly embracing this evolving technology to aid them in their work. Copilot and other Large Language Model (LLM) based coding assistants suggest…

Read more →

This will be my last entry on the topic for a while. For context, I introduced the idea that folks don’t care about security, they care about outcomes in this post; and then I began exploring ways we, as IT…

Read more →

Securing sensitive information is more critical than ever. One of the key defenses in data protection is data at rest encryption, a method that safeguards information stored on devices such as hard drives, databases, and servers. Unlike data in transit,…

Read more →

Oracle CloudWorld 2024 showcased a range of innovations and strategic shifts that will significantly impact the work of developers, engineers, and architects across industries. From AI integrations to multi-cloud strategies, Oracle is positioning itself as a key enabler of digital…

Read more →

As financial services become increasingly digitized, the need for robust operational resilience has grown more critical. The Digital Operational Resilience Act (DORA), set to take effect on January 17, 2025, aims to establish a unified framework for Information and Communication…

Read more →

In the first part of this series, we set up a Mule app and a Salesforce Connected app for the OAuth JWT bearer token flow. In this second part, we’ll go through the required steps to set up mutual TLS…

Read more →

If you grew up in the US, chances are you have a memory of going to summer camp. Even if you didn’t attend one yourself, the camp experience of going away from home, learning all sorts of arts and crafts,…

Read more →

With the rapid development of Internet technology, server-side architectures have become increasingly complex. It is now difficult to rely solely on the personal experience of developers or testers to cover all possible business scenarios. Therefore, real online traffic is crucial…

Read more →

We’re going to set out on a mind-blowing tour around network security. Upon considering the nearness and risk posed by cyber threats in this epoch, it is important to prevent the threats so that they do not cause irreversible damage…

Read more →

Security is a top priority of every company. It’s not surprising: source code, the most critical asset of any organization, should be under reliable protection — especially in view of constantly rising threats. Ransomware, infrastructure outages, vulnerabilities, and other threats…

Read more →

In my last post, I discussed the issue of getting people to care about security, and how it’s largely due to a focus on security behaviors rather than security outcomes. In this post, I’m picking up where I left off,…

Read more →

The time for rapid technology development and cloud computing is perhaps the most sensitive time when security issues are of great importance. It is here that security will have to be injected into a process right from the beginning —…

Read more →

Secrets are the keys to manage and enhance the security of a software application. Secret keys play a pivotal role in the authentication, authorization, encryption/decryption, etc. of data flowing through the application. There are various types of secrets and few…

Read more →