Category: DZone Security Zone

In the ever-evolving landscape of microservices development, Helidon has emerged as a beacon of innovation. The release of Helidon 4 brings forth a wave of enhancements and features that promise to redefine the way developers approach microservices architecture. In this…

Read more →

How We Used to Handle Security A few years ago, I was working on a completely new project for a Fortune 500 corporation, trying to bring a brand new cloud-based web service to life simultaneously in 4 different countries in…

Read more →

Resilience refers to the ability to withstand, recover from, or adapt to challenges, changes, or disruptions. As organizations increasingly embrace the microservices approach, the need for a resilient testing framework becomes important for the reliability, scalability, and security of these…

Read more →

In the domain of digital security, password hashing stands as a critical line of defense against unauthorized access. However, the landscape of hashing algorithms has evolved significantly, with some methods becoming obsolete and newer, more secure techniques emerging. This article…

Read more →

On Wednesday, July 19, the European Parliament voted in favor of a major new legal framework regarding cybersecurity: the Cyber Resilience Act (CRA). According to the press release following the vote: This article has been indexed from DZone Security Zone…

Read more →

I’ve been deeply immersed in the world of developer products for the past decade, and let me tell you, I’ve been quite an open-source enthusiast. Over the years, I’ve had the pleasure (and occasional pain) of shepherding open-source projects of…

Read more →

Modern dating apps have long been a familiar part of our daily lives. Ten years ago, Tinder, Mamba, Pure, and others turned traditional ideas about dating and relationships upside down. Whether we like it or not, dating apps have started…

Read more →

Despite years of discussing DevSecOps, achieving security and development collaboration remains an uphill battle in most organizations. This article explores why real-world DevSecOps adoption lags behind expectations, common barriers faced, and how the Stream Security platform bridges visibility and policy…

Read more →

The article Deploy Keycloak single sign-on with Ansible discussed how to automate the deployment of Keycloak. In this follow-up article, we’ll use that as a baseline and explore how to automate the configuration of the Keycloak single sign-on (SSO) server,…

Read more →

The Payment Card Industry Data Security Standard (PCI-DSS) version 4.0 will change almost everything about security for any business or organization that accepts electronic payments, which is a vast majority of them. And make no mistake, this update will be…

Read more →

Virtual Private Network (VPN) servers are proxy servers that people use daily when browsing the Internet. They use it because it shields them from being tracked by websites. As most of us are aware, websites track their visitors for advertising…

Read more →

In the digital era, where data has become the backbone of businesses, it becomes very important to ensure its security and privacy. The huge growth in cloud computing, wherein data is stored and processed remotely, gave rise to various measures…

Read more →

Come along with me as I learn about blockchain and web3: the good, the bad, why it’s needed, how to learn it, and, in the end, if it’s really what it’s hyped up to be. Web3 is a new vision…

Read more →

Ransomware is a massive threat, and like all types of cybercrime, it’s always evolving. Consequently, you must learn what vulnerabilities are targeted to stay safe. Remote desktop protocol (RDP) is one of the most significant of those weaknesses today. What…

Read more →

This is an article from DZone’s 2023 Enterprise Security Trend Report. For more: Read the Report In recent years, developments in artificial intelligence (AI) and automation technology have drastically reshaped application security. On one hand, the progress in AI and…

Read more →

1. Start With a Minimal Base Image Starting with a basic, minimum image is essential when creating Docker images. This method minimizes security concerns while shrinking the image size. For basic base images, Alpine Linux and scratch (an empty base…

Read more →

Every organization dealing with information processing eventually faces the challenge of securely storing confidential data and preventing its leakage. The importance of this issue for a company depends on the potential damage a data breach could cause. The greater the…

Read more →

Artificial Intelligence (AI) has undeniably transformed various aspects of our lives, from automating mundane tasks to enhancing medical diagnostics. However, as AI systems become increasingly sophisticated, a new and concerning phenomenon has emerged – AI hallucination. This refers to instances…

Read more →

This is an article from DZone’s 2023 Enterprise Security Trend Report. For more: Read the Report In the ever-evolving landscape of mobile applications, the seamless integration of cloud-native technologies has become a cornerstone for innovation, speed, and efficiency. As organizations…

Read more →

In the realm of modern digital integration, Application Programming Interfaces (APIs) have become the linchpin of connectivity, enabling seamless interactions between diverse applications and systems. However, managing APIs effectively is no longer just about designing and deploying them—it’s also about harnessing…

Read more →

Welcome to the next article in our series on mastering API integration, specifically tailored for the fintech industry. In this article, we will explore the transformative role of Artificial Intelligence (AI) in API management within the fintech sector. As product managers,…

Read more →

The battle between human users and sneaky bots is a constant struggle in the ever-evolving cybersecurity landscape. And the conventional defense mechanisms, including CAPTCHAs, have been a reliable shield for a long.  However, with the sophistication of cyberattacks and bots…

Read more →

This is an article from DZone’s 2023 Enterprise Security Trend Report. For more: Read the Report If you’ve ever explored regulatory compliance and cybersecurity, you’ll understand the importance of continuous compliance in the digital age, where evolving technology and regulations…

Read more →

This is an article from DZone’s 2023 Enterprise Security Trend Report. For more: Read the Report Effective application security relies on well-defined processes and a diverse array of specialized tools to provide protection against unauthorized access and attacks. Security testing…

Read more →

In the world of enterprise technology, shared platforms like Kafka, RabbitMQ, Apache Flink clusters, data warehouses, and monitoring platforms are essential components that support the robust infrastructure leading to modern microservices architectures. We see shared platforms acting as mediators between…

Read more →

You’ve conquered the initial hurdle, learning to code and landing your dream job. But the journey doesn’t end there. Now comes the real challenge: writing good code. This isn’t just about functionality; it’s about crafting elegant, maintainable code that stands…

Read more →

What Is Data Governance? Data governance is a framework that is developed through the collaboration of individuals with various roles and responsibilities. The purpose of this framework is to establish processes, policies, standards, and metrics that help organizations achieve their goals.…

Read more →

This is an article from DZone’s 2023 Enterprise Security Trend Report. For more: Read the Report DevSecOps — a fusion of development, security, and operations — emerged as a response to the challenges of traditional software development methodologies, particularly the…

Read more →

The first impression most of us have about AI is likely from the sci-fi movies where robots overpower humans. Remember the films like “Terminator” or novels like “Robopocalypse”? Given the pace of development in the space of AI, we are…

Read more →

This is an article from DZone’s 2023 Enterprise Security Trend Report. For more: Read the Report Today, safeguarding assets is not just a priority; it’s the cornerstone of survival. The lurking threats of security breaches and data leaks loom larger…

Read more →

Operational technology (OT) refers to industrial systems and controls that perform physical work, such as Programmable Logic Controllers (PLCs) and Supervisory Control and Device Acquisition (SCADA) systems. OT systems are ubiquitous across all critical infrastructure industries, such as Oil and…

Read more →

Digital wallets are electronic systems that securely store payment information digitally. They make it easy to make electronic transactions online or in stores without using physical cards. Digital wallets are designed for convenience and often include security features to protect…

Read more →

Of course, the advent of the internet has facilitated the sharing of important information all across the world. But the catch is that with such sharing options at everyone’s disposal, there comes a risk of leakage of confidential data. And…

Read more →

In the dynamic landscape of communication and collaboration, Slack has emerged as a powerful platform for teams to connect and work seamlessly. The integration of GPT (Generative Pre-trained Transformer) with Slack, powered by React, takes this collaboration to new heights.…

Read more →

The Poconos mountain region is most famous for its skiing and snowboarding. Located west of the hustle and bustle of New York City and north of Philadelphia, the Poconos are a quick drive from the hectic city life to some…

Read more →

Data has risen to become the most valuable resource in the digital age. A massive amount of data needs to be gathered, processed, and analyzed in real-time as a result of the Internet of Things (IoT), artificial intelligence, and cloud…

Read more →

When I’m asked about privacy and security issues that the IT industry faces today, the most generic idea that comes up is “do everything with privacy in mind.” This can be applied to any stage and part of the development…

Read more →

Virtual desktops, a recent technological advancement that has revolutionized the way people use and interact with their computers, have advanced technology. A virtual desktop, also referred to as a virtual desktop infrastructure (VDI), is a virtualized computing environment that enables…

Read more →

In this article, you’ll use Ansible to simplify and automate the installation of Keycloak, a popular open-source tool to implement single sign-on for Web applications.  The tutorial in this article builds on an Ansible Collection named middleware_automation.keycloak, which has been…

Read more →

Generative AI (GenAI) tools powered by Large Language Models (LLM) are transitioning from a captivating vision to a tangible reality as businesses realize their potential for reshaping industries and fostering creativity. Its capabilities, from crafting engaging content to generating realistic…

Read more →

Mobile application security isn’t a component or an advantage – it is a minimum essential. One break could cost your organization not only a large number of dollars but rather a lifetime of trust. That is the reason security ought…

Read more →

Understanding the Pervasive Landscape of Cybersecurity Threats Cyber threats are diverse and continually evolving, ranging from commonplace scams to highly sophisticated attacks. Let’s delve deeper into the nature of prevalent threats, gaining a nuanced understanding that will serve as the…

Read more →

Data Lineage It won’t be an exaggeration to say that the success of today’s business is driven by the data. Whether it be a small enterprise or a big business house, everyone has understood that data can give them an…

Read more →

Amazon MemoryDB for Redis has supported username/password-based authentication using Access Control Lists since the very beginning. But you can also use IAM-based authentication that allows you to associate IAM users and roles with MemoryDB users so that applications can use…

Read more →

In this article, we will delve into the intricacies of optimizing API lifecycles—an essential aspect for product managers navigating the dynamic landscape of digital integration. From conceptualization to retirement, understanding and implementing best practices throughout the API lifecycle is crucial…

Read more →

Identity Threat Detection and Response (ITDR) in the cloud is essential to limit access to sensitive data and maintain the integrity of cloud infrastructure. Leading cloud providers like AWS, Microsoft Azure, and Google Cloud have implemented robust Identity and Access…

Read more →

The pursuit of speed and agility in software development has given rise to methodologies and practices that transcend traditional boundaries. Continuous testing, a cornerstone of modern DevOps practices, has evolved to meet the demands of accelerated software delivery. In this…

Read more →

In the ever-evolving landscape of cloud-native computing, containers have emerged as the linchpin, enabling organizations to build, deploy, and scale applications with unprecedented agility. However, as the adoption of containers accelerates, so does the imperative for robust container security strategies.…

Read more →

With the rapid adoption of passkeys (and the underlying WebAuthn protocol), authentication has become more secure and user-friendly for many users. One of the standout advancements of passkeys has been the integration of Conditional UI, often referred to as “passkey…

Read more →

The unprecedented scalability, flexibility, and cost-efficiency offered by cloud computing have completely changed the way businesses operate. However, as businesses move their infrastructure and applications to the cloud, they encounter new difficulties in managing and keeping an eye on their…

Read more →

In today’s interconnected digital landscape, the proliferation of Application Programming Interfaces (APIs) has revolutionized the way systems communicate and exchange data. Yet, with this seamless connectivity comes the inherent vulnerability of exposing sensitive information to potential security threats. This underscores…

Read more →

This guide walks you through setting up a secure REST API using Nest.js in Node.js. We’ll create a login system with JWTs and implement best practices for token management and API security. Setting Up Nest.js Prerequisites: Node.js installed. This article…

Read more →

Modern-day software development approaches like DevOps have certainly reduced development time. However, tighter release deadlines push security practices to a corner. This blog explains how Shifting Security to the Left introduces security in the early stages of the DevOps Lifecycle,…

Read more →

In the ever-evolving landscape of digital integration, APIs (Application Programming Interfaces) serve as the conduits that connect disparate systems, enabling seamless communication and fostering innovation. As the architects of digital experiences, product managers play a crucial role in orchestrating these…

Read more →

In the dynamic landscape of digital product development, APIs (Application Programming Interfaces) have emerged as indispensable tools that not only connect systems but also play a pivotal role in shaping product roadmaps. In this exploration, we will unravel the multifaceted…

Read more →

Organizations are gradually becoming concerned regarding data security in several instances, such as collecting and retaining sensitive information and processing personal information in external environments, which include information sharing and cloud computing. Some of the commonly used solutions, however, do…

Read more →

As we step further into the digital age, the importance of data security becomes increasingly apparent. Our interactions, transactions, and even our identities are frequently translated into data, which is stored, transferred, and processed in the digital realm. When this…

Read more →

As teams moved their deployment infrastructure to containers, monitoring and logging methods changed a lot. Storing logs in containers or VMs just doesn’t make sense – they’re both way too ephemeral for that. This is where solutions like Kubernetes DaemonSet…

Read more →

Software projects are vulnerable to countless attacks, from the leak of confidential data to exposure to computer viruses, so any development team must work on an effective risk analysis that exposes any vulnerabilities in the software product. A well-executed risk…

Read more →

You probably are here because you leaked a secret somewhere and want to get straight to rotating the secret. If you are a solo developer or you know for sure you are the only user of the secret and understand…

Read more →

The U.S. Securities and Exchange Commission (SEC) recently announced its new rules for public companies regarding cybersecurity risk management, strategy, governance, and incident exposure. Some requirements apply to this year—for example, disclosures for fiscal years ending December 15, 2023, or…

Read more →

In the ever-evolving software development landscape, staying up-to-date with the latest technologies is paramount to ensuring your applications’ efficiency, security, and maintainability. As a stalwart in the world of programming languages, Java continues to transform to meet the demands of…

Read more →

The escalating frequency and sophistication of cyber threats pose a significant challenge in today’s interconnected world. With the rapid digitization of various sectors, the attack surface for malicious actors has expanded, making businesses, governments, and individuals more vulnerable to cyber…

Read more →

SPIRL is a full workload identity solution based on SPIFFE (Secure Production Identity Framework for Everyone). What does this mean? What is SPIFFE and isn’t it already for everyone? Or if not, how could “everyone” include more “everyone”? The most…

Read more →

In the ever-evolving digital landscape, data is often referred to as the “new oil,” serving as a crucial asset for businesses, researchers, and governments alike. As the volume, velocity, and variety of data grow, data management—encompassing facets like data integration,…

Read more →

In today’s dynamic digital landscape, secure and efficient access management is paramount for organizations navigating the complexities of remote work and diverse application landscapes and going through the digital transformation. Previously, the security plan for safeguarding on-prem/internal resources from attackers…

Read more →

When most people think of Santa Clara, they immediately think of the San Francisco 49ers, as that is where their stadium sits. They might also think of California’s Great America, an amusement park that has been keeping folks entertained since…

Read more →

Across diverse industries, spanning from manufacturing to healthcare, an abundance of sensors and other IoT devices diligently gather information and produce insightful data every day. Oftentimes, this data then needs to be passed down to some storage, processed accordingly, and…

Read more →

In the ever-expanding landscape of the Internet of Things (IoT), where billions of devices seamlessly communicate and exchange data, the importance of standards and protocols cannot be overstated. These essential frameworks serve as the connective tissue that enables interoperability, security,…

Read more →

Monitoring becomes a crucial component of managing and optimizing cloud environments as companies move their operations more and more to the cloud. The performance, availability, and security of cloud-based applications and infrastructure are ensured through continuous data collection, analysis, and…

Read more →

In an era where data has become the lifeblood of organizations, the term ‘metadata’ often floats around conference rooms and technical discussions. At its core, metadata is “data about data,” a concept that might seem simplistic but carries immense significance…

Read more →

The management and deployment of applications in containerized environments has been completely transformed by Kubernetes. Effective monitoring becomes increasingly important as Kubernetes is increasingly used by businesses to handle their container orchestration requirements. By providing users with insights into the…

Read more →

Python is a programming language that is designed for universal purpose. It aims to highlight the code readability with the help of significant indentation. It is portable, as it has the ability to run on multiple operating systems — for…

Read more →

Istio provides strong identities for workloads running in the mesh by default.  Istio control plane (Istiod) and Istio agents (that run on each pod, within the Envoy proxy container) work together to sign, distribute, and rotate X.509 certificates to workloads…

Read more →

In an era where data reigns supreme, integrating data management with business intelligence (BI) is no longer an option — it’s a strategic imperative. But this imperative is also fraught with challenges and complexities, given the unique attributes of each…

Read more →

One of the critical aspects of API management is authentication. This element not only safeguards sensitive data but also plays a pivotal role in shaping the user experience.  The Importance of API Authentication Just as keys unlock doors, authentication ensures…

Read more →

With its ability to scale, be flexible, and be cost-effective, cloud computing has completely changed how businesses operate. However, it can be difficult to manage and keep an eye on the intricate infrastructure of cloud environments. Tools for monitoring the…

Read more →

In the digital age, where data is the lifeblood of organizations, the cloud has emerged as a game-changer, providing unparalleled agility, scalability, and accessibility. However, this transformative technology comes with its own set of challenges, chief among them being the…

Read more →

Artificial intelligence has quickly and confidently filled the entire information space and is used everywhere. Numerous use cases for ChatGPT demonstrate its potential for multiple industries. According to data from Statista, one-quarter of American companies saved about $70,000 thanks to…

Read more →

It is human nature to start thinking about a problem after it has already occurred — we don’t like to learn from somebody’s mistakes, though it is a good idea. But what if we consider a situation when the GitHub…

Read more →

JWTs or JSON Web Tokens are most commonly used to identify authenticated users and validate API requests. Part of this verification process requires the use of cryptographic keys to validate the integrity of the JWT to make sure it has…

Read more →

In the rapidly evolving landscape of security technologies, remote video surveillance has emerged as a powerful tool to protect homes, businesses, and public spaces. Leveraging the advancements in camera technology, connectivity, and artificial intelligence, remote video surveillance provides a proactive…

Read more →

The three issues in A2P messaging that are costing brands significant money are: Price increases AIT Exclusivity deals The modern digital landscape, while providing unprecedented connectivity and convenience, has also given rise to a myriad of complex security challenges. One…

Read more →

Most organizations are migrating towards adopting cloud technologies, meaning that they essentially operate in cyberspace, so the risk of cyber attacks is now higher than ever. In recent years, organizations have begun to pay more attention to this threat, as…

Read more →

APIs have fast become a fundamental building block of modern software development. They fuel a vast range of technological advancements and innovations across all sectors. APIs are crucial to app development, the Internet of Things (IoT), e-commerce, digital financial services,…

Read more →

In the ever-evolving world of API development, MuleSoft emerges as a key player, offering immense potential for robust and reliable integrations. Drawing from diverse projects and collaborations, I’ve identified common API testing challenges that transcend industries. Let’s explore these challenges,…

Read more →

Security is critical in all phases of software development, including conception, creation, and release. DevSecOps is a practice that has grown in popularity as a means of assuring the security of a web application or software product. According to the…

Read more →

Hey there, I’m Roman, a Cloud Architect at Gart with over 15 years of experience. Today, I want to delve into the world of Load Balancers with you. In simple terms, a Load Balancer is like the traffic cop of…

Read more →

In today’s digital world, individuals and organizations interact with numerous online platforms and applications on a daily basis. Managing multiple usernames and passwords can be cumbersome, time-consuming, and prone to security risks. This is where Single Sign-On (SSO) comes to…

Read more →

HasMySecretLeaked is the first free service that allows security practitioners to proactively verify if their secrets have leaked on GitHub.com. With access to GitGuardian’s extensive database of over 20 million records of detected leaked secrets, including their locations on GitHub,…

Read more →

Atlanta’s Hartsfield-Jackson International Airport is the busiest in the world, serving over 93 million passengers to and from this international destination last year. There are many reasons to visit Atlanta, such as seeing the home of Coca-Cola, visiting the birthplace…

Read more →

Back with a fresh blog on Maven – no saga, just a simple update on an old project of mine. It’s like catching up with an old buddy and sharing what’s new. In this blog, we’ll dive into the world…

Read more →

As of 2022, the global market for digital twins was valued at $11.12 billion — and experts estimate an impressive annual growth rate of 37.5% from 2023 to 2030. Digital twins help connect the physical and virtual worlds, allowing workers…

Read more →

A DevOps service company can play a crucial role in assisting organizations with meeting ISO 27001 and GDPR compliance requirements by integrating security and compliance into their DevOps workflows. Such a provider can help with ISO 27001 and GDPR compliance…

Read more →

In the dynamic landscape of the Internet of Things (IoT), the convergence of Big Data and IoT software is both a boon and a puzzle for developers. The promise of harnessing vast volumes of real-time data from IoT devices to…

Read more →

Kubernetes (K8s), an open-source container orchestration system, has become the de-facto standard for running containerized workloads thanks to its scalability and resilience. Although K8s has the capabilities to streamline deployment processes, the actual deployment of applications can be cumbersome, since…

Read more →

Secure payment processing is vital for ensuring customers can shop safely on your app. Cyberattacks become more frequent each year, with a particular emphasis on stealing financial information. Luckily, you can implement a few best practices to simplify security and…

Read more →

In recent years, the number of cyberattacks has been steadily increasing, and applications have become increasingly targeted. According to a report by Verizon, web applications were the most common target of data breaches in 2022, accounting for over 40% of…

Read more →

In this article, we will delve into the crucial concept of an internal DevSecOps platform (IDSP) and why businesses need it.  The traditional approach of treating security as an afterthought or as a separate stage in the software development lifecycle…

Read more →

I wrote previously about the default configuration of Spring oauth-authorization-server. Now let’s jump into how we can customize it to suit our requirements. Starting with this article, we will discuss how we can customize the JWT token claims with default…

Read more →