Category: DZone Security Zone

With the rapid development of Internet technology, server-side architectures have become increasingly complex. It is now difficult to rely solely on the personal experience of developers or testers to cover all possible business scenarios. Therefore, real online traffic is crucial…

Read more →

We’re going to set out on a mind-blowing tour around network security. Upon considering the nearness and risk posed by cyber threats in this epoch, it is important to prevent the threats so that they do not cause irreversible damage…

Read more →

Security is a top priority of every company. It’s not surprising: source code, the most critical asset of any organization, should be under reliable protection — especially in view of constantly rising threats. Ransomware, infrastructure outages, vulnerabilities, and other threats…

Read more →

In my last post, I discussed the issue of getting people to care about security, and how it’s largely due to a focus on security behaviors rather than security outcomes. In this post, I’m picking up where I left off,…

Read more →

The time for rapid technology development and cloud computing is perhaps the most sensitive time when security issues are of great importance. It is here that security will have to be injected into a process right from the beginning —…

Read more →

Secrets are the keys to manage and enhance the security of a software application. Secret keys play a pivotal role in the authentication, authorization, encryption/decryption, etc. of data flowing through the application. There are various types of secrets and few…

Read more →

In this blog, you will learn how to get started with jOOQ, Liquibase, and Testcontainers. You will create a basic Spring Boot application and integrate the aforementioned techniques including a test setup. Furthermore, you will use Spring Boot Docker Compose…

Read more →

Kong Gateway is an open-source API gateway that ensures only the right requests get in while managing security, rate limiting, logging, and more. OPA (Open Policy Agent) is an open-source policy engine that takes control of your security and access…

Read more →

Developers may be aware of the lifecycle of service instances when using dependency injection, but many don’t fully grasp how it works. You can find numerous articles online that clarify these concepts, but they often just reiterate definitions that you…

Read more →

AI/ML tools and technologies heavily influence the modern digital landscape by introducing numerous use cases involving AI-based malware detection, preventing social engineering attacks, and threat identification and remediation. Many organizations have acknowledged AI/ML’s prominence in the cybersecurity threat landscape and…

Read more →

These days, it’s challenging to imagine systems that have public API endpoints without TLS certificate protection. There are several ways to issue certificates: Paid wildcard certificates that can be bought from any big TLS provider Paid root certificates that sign…

Read more →

Ever since people started putting their money into banks and financial institutions, other people have sought to steal those deposits or otherwise fraudulently obtain those protected assets. When someone asked infamous 1920s-era bank robber Willie Sutton why he robbed banks,…

Read more →

When developing an enterprise system — whether it is a completely new system or simply the addition of a new feature — it is not uncommon to need to retrieve a significant volume of records (a few hundred or even…

Read more →

The introduction of software has made remarkable changes to how business is conducted. “Back then,” people would meet in person, and most companies used manual methods, which were not scalable. Software has changed the game, and web applications are essential…

Read more →

Editor’s Note: The following is an article written for and published in DZone’s 2024 Trend Report, Kubernetes in the Enterprise: Once Decade-Defining, Now Forging a Future in the SDLC. Kubernetes is driving the future of cloud computing, but its security challenges…

Read more →

What Is Network Sniffing? Sniffing includes the passive interception of data packets crossing a network with further analysis. Initially, sniffing was developed to help network administrators troubleshoot connectivity problems, and since then, it has evolved into an important technique of…

Read more →

From a Java perspective, I’ve been the beneficiary of some pretty amazing features over the years: Generics (Java 5) Streams and Lambda Expressions (Java 8) Enhanced Collection Functionality (Java 9) Sealed Classes (Java 17) As key features become available, I’ve…

Read more →

As cloud networks continue to expand, security concerns become increasingly complex, making it critical to ensure robust protection without sacrificing performance. One key solution organizations use to achieve this balance is the deployment of Next-Generation Firewalls (NGFWs), which play an…

Read more →

In recent years, there has been a significant surge in the adoption of artificial intelligence (AI) and machine learning (ML) technologies across a wide range of industries. Frameworks such as TensorFlow, PyTorch, and Scikit-learn have emerged as popular choices for…

Read more →

In a world where cyber threats are just one click away (or just one QR code scan away), the old-school “castle and moat” security approach isn’t enough. Enter Zero Trust — a security model that flips the script, requiring every…

Read more →

In an era where software vulnerabilities can lead to catastrophic breaches, application security has never been more critical. Yet, for many developers, security remains a complex and often frustrating aspect of the development process.  At Black Hat 2024, I sat…

Read more →

Distributed services have indeed revolutionized the design and deployment of applications in the modern world of cloud-native architecture: flexibility, scalability, and resilience are provided by these autonomous, loosely coupled services. This also means that services add complexity to our systems,…

Read more →

Infrastructure as Code (IaC) became the de facto standard for managing infrastructure resources for many organizations. According to Markets and Markets, a B2B research firm, the IaC market share is poised to reach USD 2.3 Billion by 2027.  What Is Infrastructure as…

Read more →

In this article, we’ll discuss the importance of guarding your SaaS and the SaaS Security best practices you must implement in your Security checklist to ensure the proper functioning of your app. The seemingly unstoppable growth of SaaS platforms in the…

Read more →

In an era of increasingly complex regulatory landscapes, IT professionals face unprecedented challenges in managing data compliance. The evolving nature of regulations across various industries demands a proactive and sophisticated approach to data management. I spoke with Steve Leeper, VP…

Read more →

According to Fortune Business Insights, the global Software as a Service (SaaS) market is projected to grow from USD 317 billion in 2024 to USD 1.2 trillion by 2032, with a compound annual growth rate (CAGR) of 18.4%. This substantial…

Read more →

Nobody cares about security. There. I said it. I said the thing everyone feels, some people think, but very few have the temerity to say out loud. But before you call me a blasphemous heathen, I will ask for just…

Read more →

As artificial intelligence (AI) continues to revolutionize the tech industry, developers, engineers, and architects face a new challenge: managing the technical debt that comes with rapid AI adoption. Jeff Hollan, Head of Apps and Developer Tools at Snowflake, shares invaluable…

Read more →

When working on .NET applications, one main concern is safeguarding your code from unauthorized access, intellectual property theft, and reverse engineering. This can be achieved by implementing data and code protection techniques to protect the application. There are two main…

Read more →

Continuing on our fictitious financial company, Starlight, series of posts, here is how to set up a data lake on AWS with security as the primary thought. Introduction In the fast-moving financial industry, data is a core asset. Starlight Financial…

Read more →

Securing information is crucial as cyber-attacks are getting more sophisticated. Data residing in an unprotected state at rest (databases, stored files, and backups) pose one of the most significant risks. Data at rest encryption is necessary to guarantee that information…

Read more →

Securing distributed systems is a complex challenge due to the diversity and scale of components involved. With multiple services interacting across potentially unsecured networks, the risk of unauthorized access and data breaches increases significantly. This article explores a practical approach…

Read more →

As web technologies continue to advance, so do the methods and protocols designed to secure them. The OAuth 2.0 and OpenID Connect protocols have significantly evolved in response to emerging security threats and the growing complexity of web applications. Traditional…

Read more →

As a Node.js developer and security researcher, I recently stumbled upon an interesting security regression in the Node.js core project related to prototype pollution. This happened to be found while I was conducting an independent security research for my Node.js…

Read more →

As artificial intelligence (AI) continues transforming industries, organizations face increasing challenges in managing and utilizing data for AI initiatives. Recent industry surveys and expert insights highlight the critical role of effective data management in AI success. This article explores key…

Read more →

The Importance of Cybersecurity I firmly believe that in today’s cybersecurity expectations, software engineers should prioritize the security of their computer systems and internal IT networks. I would consider it to be a mistake to rely heavily on technology due…

Read more →

In 2019, a famous breach in Fortnite, the famous game, reportedly put millions of players at risk of malware. The incident highlighted the importance of properly securing SQL databases. But this is not an isolated issue. This article has been…

Read more →

< section> < article> The evolution of the internet over the past few decades has undeniably impacted how our societies function. From facilitating globalization to making new technology like social media and consumer apps available to nearly every person on…

Read more →

The rapid adoption of Generative AI (GenAI) and Large Language Models (LLMs) is transforming industries at an unprecedented pace. Nearly 90% of organizations are actively implementing or exploring LLM use cases, eager to harness the power of these revolutionary technologies.…

Read more →

Authentication and Authorization are big parts of the security puzzle that need to be solved by cloud architects and DevOps engineers. In this blog, we will specifically look at how to achieve authorization/access control; i.e., what actions the authenticated entity…

Read more →

Editor’s Note: The following is an article written for and published in DZone’s 2024 Trend Report, Enterprise Security: Reinforcing Enterprise Application Defense. Access and secrets management involves securing and managing sensitive information such as passwords, API keys, and certificates. In today’s…

Read more →

Big data systems are an increasingly common aspect of many business operations. As helpful as such a wealth of information is, these projects can dramatically impact an organization’s cybersecurity posture. Consequently, any company embracing this trend must also embrace the…

Read more →

One of the greatest wishes of companies is end-to-end visibility in their operational and analytical workflows. Where does data come from? Where does it go? To whom am I giving access to? How can I track data quality issues? The…

Read more →

In the ever-evolving world of cybersecurity, the relationship between developers and security professionals is crucial. At Black Hat 2024, industry experts shared their insights on how these two groups can work together more effectively to create more secure systems. This…

Read more →

Editor’s Note: The following is an article written for and published in DZone’s 2024 Trend Report, Enterprise Security: Reinforcing Enterprise Application Defense. With organizations increasingly relying on cloud-based services and remote work, the security landscape is becoming more dynamic and challenging…

Read more →

The swift progress in cloud technology has made data and application security an important requirement rather than just a preference. As more customer businesses are moving their operations to the cloud, safeguarding their cloud workloads — referring to all deployed applications and…

Read more →

Effective Salesforce data management and security are crucial for organizations aiming to maximize their CRM potential while safeguarding sensitive information. As Salesforce continues to be a cornerstone for customer relationship management, ensuring data integrity, accessibility, and security becomes increasingly vital.…

Read more →

TL; DR: Why Too Much Transparency Can Have a Detrimental Effect While transparency is often touted as essential in Agile, too much can have negative consequences. Oversharing can lead to micromanagement, misinterpretation, and loss of trust within the team. Examples…

Read more →

Editor’s Note: The following is an article written for and published in DZone’s 2024 Trend Report, Enterprise Security: Reinforcing Enterprise Application Defense. Threat hunting is a proactive cybersecurity strategy that actively searches for hidden threats throughout an organization’s entire digital environment.…

Read more →

According to Forbes, 1 out of 5 people are working remotely. With a more distributed workforce, enterprises have significantly changed their operation style, encompassing shifts in company culture, meeting structures, and a surge in Virtual and Augmented Reality. Along with them, the…

Read more →

Editor’s Note: The following is an article written for and published in DZone’s 2024 Trend Report, Enterprise Security: Reinforcing Enterprise Application Defense. In today’s cybersecurity landscape, securing the software supply chain has become increasingly crucial. The rise of complex software ecosystems…

Read more →

Editor’s Note: The following is an article written for and published in DZone’s 2024 Trend Report, Enterprise Security: Reinforcing Enterprise Application Defense. Full-stack security protects every layer of a software application, including the front end, back end, infrastructure, and network. It…

Read more →

Editor’s Note: The following is an article written for and published in DZone’s 2024 Trend Report, Enterprise Security: Reinforcing Enterprise Application Defense. Many companies wrongly believe that moving to the cloud means their cloud provider is fully responsible for security. However,…

Read more →

The effective de-identification algorithms that balance data usage and privacy are critical. Industries like healthcare, finance, and advertising rely on accurate and secure data analysis. However, existing de-identification methods often compromise either the data usability or privacy protection and limit…

Read more →

In the fast-paced and constantly evolving digital landscape of today, bad actors are always looking for newer and better methods to launch their attacks. As cybercriminal tactics evolve, they develop more sophisticated malware, more convincing scams, and attacks that are…

Read more →

In the ever-evolving landscape of cybersecurity, staying ahead of threats requires more than just keeping up with the latest technologies. As we delve into the insights shared by industry experts at Black Hat 2024, it becomes clear that some of…

Read more →

In cybersecurity, professionals are often divided into two distinct groups: Red Teams, which focus on offense, and Blue Teams, which focus on defense. Red Teaming involves ethical hacking. Here, security experts simulate cyberattacks to find vulnerabilities in a system before…

Read more →

In today’s digital landscape, data has become the lifeblood of organizations, much like oil was in the industrial era. Yet, the genuine hurdle is converting data into meaningful insights that drive business success. With AI and generative AI revolutionizing data…

Read more →

As artificial intelligence and large language models (LLMs) continue to revolutionize the tech landscape, they also introduce new security challenges that developers, engineers, architects, and security professionals must address. At Black Hat 2024, we spoke with Mick Baccio, Global Security…

Read more →

Data Subject Access Rights (DSAR)  In the previous articles (Part 1 and Part 2), we have seen the concept of BigID and how it enhances the data in an organization. In this article, let’s see what is Data Subject Access…

Read more →

Cross-Origin Resource Sharing (CORS) is an essential security mechanism utilized by web browsers, allowing for regulated access to server resources from origins that differ in domain, protocol, or port. In the realm of APIs, especially when utilizing AWS API Gateway, configuring…

Read more →

In a world where IT infrastructure underpins countless businesses and organizations, maintaining operational integrity during critical failures or outages is non-negotiable. A key element in achieving this is ensuring that your incident alert management system remains active and accessible under…

Read more →

Computer systems in the federal government must demonstrate that they are secure. The process is known as accreditation and the goal is to receive an Authority to Operate (ATO). The ATO allows the system to be put into production for…

Read more →

Creating a solid REST API in Java requires more than a basic grasp of HTTP requests and responses. Ensuring that your API is well-designed, maintainable, and secure is essential. This article will offer four critical tips to improve your REST…

Read more →

In cyber resilience, handling and querying data effectively is crucial for detecting threats, responding to incidents, and maintaining strong security. Traditional data management methods often fall short in providing deep insights or handling complex data relationships. By integrating semantic web…

Read more →

The 2024 Black Hat conference in Las Vegas brought together some of the most influential voices in cybersecurity, offering critical insights for security professionals navigating an increasingly complex digital landscape. From the philosophical underpinnings of software development to practical strategies…

Read more →

Product and infrastructure engineering teams are not always aligned with the interests of security engineering teams. While product and infrastructure focus on driving business value and delivering practical solutions, security focuses on detection, prevention, and remediation, which can seem less…

Read more →

Federal agencies manage highly classified sensitive data, including personal information, medical records, and tax and income details of all U.S. residents. In some cases, temporary visitor data are also retained. They also handle national security information, including susceptible documents, intergovernmental…

Read more →

As artificial intelligence and large language models (LLMs) continue to reshape the technological landscape, the importance of API security has never been more critical. In a recent interview at Black Hat 2024, Tyler Shields, Vice President of Product Marketing at…

Read more →

SQLi is one of the code injection techniques that may enable an attacker to modify the queries that the application provides to the database. By far the most frequent and severe web application security threats always hide in web applications that…

Read more →

The software landscape has undergone a profound transformation over the past two decades. In the past, a substantial portion of software was designed for local desktop use. However, today, the norm for computer users is to access web-based software services…

Read more →

In an era where technology and geopolitics intersect more than ever before, the importance of cybersecurity in maintaining democratic processes cannot be overstated. At Black Hat 2024, global leaders and local officials converged to discuss the challenges and strategies for…

Read more →

This article will explore the critical topic of creating effective exceptions in your Java code. Exceptions are crucial in identifying when something goes wrong during code execution. They are instrumental in managing data inconsistency and business validation errors. We will…

Read more →

Before we ponder this question, let’s first understand the major differences between an on-premise and a cloud data security product. An on-premise data security product means the management console is on the enterprise customer’s premises, whereas the security vendor hosts…

Read more →

< section name=”02b8″> Data is the backbone of AI systems, and though the concept of Big Data quenches the data thirst of most AI systems, most of the data is not fit for use readily. To fully understand the problem…

Read more →

Security plays a key role whether you are onboarding customer workloads to the cloud, designing and developing a new product, or upgrading an existing service. Security is critical in every leg of the software development life cycle (SDLC). Application security…

Read more →

Having worked with enterprise customers for a decade, I still see potential gaps in data protection. This article addresses the key content detection technologies needed in a Data Loss Prevention (DLP) product that developers need to focus on while developing…

Read more →

Among the most often used containerizing technologies in the realm of software development are Docker and Podman. Examining their use cases, benefits, and limitations, this article offers a thorough comparison of Docker and Podman. We will also go over useful…

Read more →

With the passing of time, new versions of the dependencies are released into the market. We need to update the respective dependencies versions in the project as these versions have new changes and fixes for the security vulnerabilities. It is…

Read more →

By now we’ve all heard about —  or been affected by — the CrowdStrike fiasco. If you haven’t, here’s a quick recap. An update to the CrowdStrike Falcon platform, pushed on a Friday afternoon, caused computers to crash and be…

Read more →

Docker is the obvious choice for building containers, but there is a catch: writing optimized and secure Dockerfiles and managing a library of them at scale can be a real challenge. In this article, I will explain why you may…

Read more →

One-time passwords are one of the most relied-on forms of multi-factor authentication (MFA). They’re also failing miserably at keeping simple attacks at bay. Any shared secret a user can unknowingly hand over is a target for cybercriminals, even short-lived TOTPs.…

Read more →

We often hear about the importance of developers and the role they play in the success of a business. After all, they are those craftsmen who create the software and apps that make businesses run smoothly.  However, there is one…

Read more →

The birth of AI dates back to the 1950s when Alan Turing asked, “Can machines think?” Since then, 73 years have passed, and technological advancements have led to the development of unfathomably intelligent systems that can recreate everything from images…

Read more →

In this post, we’ll explain all the steps required to connect a Mule application to Salesforce using the Salesforce connector with the OAuth JWT flow. You can also create your own certificate for the OAuth JWT flow with Salesforce or…

Read more →

When we think of the Internet of Things (IoT), our imaginations are often limited to consumer applications: smart homes, smart transportation, smart offices, etc. However, these account for just the tip of the iceberg when it comes to IoT. Just…

Read more →

I recently sat in on a discussion about programming based on user location. Folks that are way smarter than me covered technical limitations, legal concerns, and privacy rights. It was nuanced, to say the least. So, I thought I’d share…

Read more →

AI vulnerabilities: From medical diagnostics to autonomous vehicles, discover how changing a single pixel can compromise advanced deep learning models and explore the critical challenges to securing our AI-powered future. Introduction Deep learning (DL) is a fundamental component of Artificial…

Read more →

Buy Now, Pay Later (BNPL) solutions are altering the way in which clients connect to payment systems by offering financial flexibility and enhancing the checkout experience. This guide offers developers and architects comprehensive knowledge on integrating your checkout process with…

Read more →

The latest release of Angular, which is presently version 18.1.1, offers a wide range of features for developing robust and scalable web applications in Angular. However, safety continues to be of concern. In this article, we will discuss the configurations…

Read more →

DevOps has become the groundwork for delivering top-notch applications quickly and efficiently in today’s agile development. Its efficiency and speed can also cause notable security threats if vulnerabilities are not managed properly. Sixty percent of data breaches succeed because organizations…

Read more →

The Trivial Answer Most engineers know that we must have green builds because a red build indicates some kind of issue. Either a test did not pass, or some kind of tool found a vulnerability, or we managed to push…

Read more →

Data has become a valuable commodity in today’s digital era. It innovatively drives businesses to make informed decisions and personalized experiences for their customers, optimize operational efficiency, and accurately predict market trends. However, data’s immense value comes with an equally…

Read more →

Technology in the digital age has revolutionized our lives. However, this convenience comes with a growing threat: cybercrime. Malicious actors, ranging from petty thieves to sophisticated cybercriminals, operate online, seeking to exploit vulnerabilities and steal sensitive information, financial data, and…

Read more →

Digital transformation initiatives are ongoing processes for software developers in particular, and organizations at large must constantly adapt while enabling seamless workplace-cultural shifts and enhancing relevance to global users. With the increasing sophistication of cyber threats and the growing reliance…

Read more →

When it comes to secure web applications, we must keep sensitive data secure during the communication period. Sadly, while HTTPS encrypts data as it moves from point A to point B, the information is still exposed in a browser’s network…

Read more →

A microservice system could have a high number of components with complex interactions. It is important to reduce this complexity, at least from the standpoint of the clients interacting with the system. A gateway hides the microservices from the external…

Read more →

In today’s dynamic business environment, cloud computing has become a crucial enabler, offering enterprises unmatched scalability, flexibility, and cost-efficiency. Amazon Web Services (AWS), a leading cloud service provider, has transformed how organizations manage their IT infrastructures and applications. With AWS…

Read more →

Today’s fraud prevention processes are far smoother than they used to be. Automated alert systems and authentication measures are now standard, but these relatively simple, rules-based solutions are still imperfect. The growing field of behavioral biometrics offers a more reliable…

Read more →

In a world where innovation and productivity are paramount, the rise of Shadow IT has become an unavoidable reality for many organizations. A recent survey by Next DLP revealed a startling statistic: 73% of security professionals admitted to using unauthorized…

Read more →