Delivering secure application services free from exposed vulnerabilities — without imposing overbearing authentication controls that frustrate users, or draconian code review requirements that inhibit developer innovation — is a challenge as old as the internet itself. Organizations naturally prioritize building…
Category: DZone Security Zone
How Open Source Project Tetragon Is Evolving Security via eBPF
Over the last decade, the eBPF open-source project quietly laid the groundwork for major evolutionary gains in Linux subsystems and how they keep pace with the new world of microservices and distributed applications. Today, that foundation has made possible eBPF…
SBOMs in Action: Securing Your Golden AMIs From Build to Runtime
Golden Amazon Machine Images (AMIs) are the foundation for launching consistent and efficient instances in your AWS cloud environment. Ensuring their security and immutability is paramount. This guide delves into how Software Bill of Materials (SBOMs), cryptographic signing, and runtime…
Penetration Testing for Beginners: A Step-By-Step Guide
In an era where digital transformation is rapidly advancing, the importance of cybersecurity cannot be overstated. One of the essential aspects of maintaining robust security is penetration testing, commonly known as pentesting. This guide aims to provide beginners with a…
Create JWT Using DataWeave JWT Library
Recently in one of my projects, there was a requirement to create JWT within the MuleSoft application and send that as an OAuth token to the backend for authentication. After doing some research, I got to know several ways to…
regreSSHion: Should We Panic About the New OpenSSH Vulnerability?
What Is the regreSSHion Vulnerability (CVE-2024-6387)? regreSSHion is a newly discovered vulnerability in OpenSSH that affects glibc-based Linux systems. regreSSHion (CVE-2024-6387) may allow arbitrary code execution with root privileges on systems with default configurations. Why Is Everyone Worried About the…
How DevSecOps Can Combat Zero-Day Threats
Zero-day threats are becoming more dangerous than ever. Recently, bad actors have taken over the TikTok accounts of celebrities and brands through a zero-day hack. In late May to early June, reports of high-profile TikTok users losing control over their…
Mitigate the Security Challenges of Telecom 5G IoT Microservice Pods Architecture Using Istio
Deploying microservices in a Kubernetes cluster is critical in 5G Telecom. However, it also introduces significant security risks. While firewall rules and proxies provide initial security, the default communication mechanisms within Kubernetes, such as unencrypted network traffic and lack of…
Securing Your Machine Identities Means Better Secrets Management
In 2024, GitGuardian released the State of Secrets Sprawl report. The findings speak for themselves; with over 12.7 million secrets detected in GitHub public repos, it is clear that hard-coded plaintext credentials are a serious problem. Worse yet, it is a…
Enhancing Security With ZTNA in Hybrid and Multi-Cloud Deployments
Today’s network infrastructure is rapidly changing with the adoption of hybrid and multi-cloud architectures to leverage the benefits of flexibility, scalability, and redundancy. These advantages come with their own set of challenges, particularly in securing access to resources and users spread…
This Is How SSL Certificates Work: HTTPS Explained in 15 Minutes
The world of online security may seem complex, but understanding the basics of how SSL certificates work and why HTTPS is essential can empower you to make safer choices online. Just like Jane, you can navigate the digital landscape with…
Exploring Cross-Chain Compatibility in dApp Development
The use of Blockchain technology is growing rapidly. The creation of decentralized applications is rising. The issues that need solving include cross-chain interoperability. It lets dApps easily connect and work with different blockchains. Improvement of the dApps is also needed.…
Enhancing Cloud Security: Integrating DevSecOps Practices Into Monitoring
In the fast-changing world of tech, companies must get their apps out quickly but can’t forget to keep them safe. Gone are the days when security checks happened only after making the app. Now, there’s an intelligent way called DevSecOps…
Understanding and Mitigating IP Spoofing Attacks
Spoofing is a type of cyber-attack used by hackers to gain unauthorized access to a computer or a network. IP spoofing is the most common type of spoofing among the spoofing methods. With IP spoofing, the attacker can…
Enhance IaC Security With Mend Scans
Whether on the cloud or setting up your AIOps pipeline, automation has simplified the setup, configuration, and installation of your deployment. Infrastructure as Code (IaC) especially plays an important role in setting up the infrastructure. With IaC tools, you will be…
Strengthening Web Application Security With Predictive Threat Analysis in Node.js
In today’s digital landscape, web application security has become a paramount concern for developers and businesses. With the rise of sophisticated cyber-attacks, simply reacting to threats after they occur is no longer sufficient. Instead, predictive threat analysis offers a proactive…
Step-By-Step Guide: Configuring IPsec Over SD-WAN on FortiGate and Unveiling Its Benefits
First, let’s explore the practical applications and advantages of deploying IPSec over SD-WAN. 1. Branch Office Connectivity Secure branch-to-branch communication: Securely connects branch offices to each other and to the headquarters using IPSec tunnels over SD-WAN. IPSec provides encrypted and…
Building an Effective Zero Trust Security Strategy for End-To-End Cyber Risk Management
You’ve probably heard a lot about zero-trust security lately, and for good reason. As we move more of our applications and data to the cloud, the traditional castle-and-moat approach to security just doesn’t cut it anymore. This makes me come to the…
Addressing the Challenges of Scaling GenAI
Generative AI (GenAI) has shown immense potential in transforming various sectors, from healthcare to finance. However, its adoption at scale faces several challenges, including technical, ethical, regulatory, economic, and organizational hurdles. This paper explores these challenges and proposes prompt decomposition…
Flask Web Application for Smart Honeypot Deployment Using Reinforcement Learning
Honeypots are the digital traps used by cybersecurity professionals to lure in attackers. These traps imitate real systems and services, such as web servers or IoT devices, to appear as genuine targets. The goal of a honeypot is to deceive…