Category: DZone Security Zone

When choosing a user authentication method for your application, you usually have several options: develop your own system for identification, authentication, and authorization, or use a ready-made solution. A ready-made solution means that the user already has an account on…

Read more →

In today’s digitally interconnected world, software plays an integral role in our daily lives. From online banking and e-commerce to healthcare and transportation, software applications are at the heart of our technological infrastructure. However, with the increasing reliance on software,…

Read more →

Enterprise security teams have had since 2015 to familiarize themselves with GraphQL API security. But many — if not most — still haven’t captured the security nuances of the popular open-source query language. Simply understanding GraphQL’s processes and vulnerable attack…

Read more →

At Black Hat 2023, Kemba Walden, Acting National Cyber Director at the White House, outlined a new national cybersecurity strategy aimed at strengthening defenses through workforce development and technology initiatives. For developers and technology professionals, this strategy has major implications,…

Read more →

In the constant struggle between security and agility, developers often draw the short straw. Tasked with rapidly building and deploying code, engineers get bogged down handling security incidents or remediating vulnerabilities. The friction between creating quickly and creating securely slows…

Read more →

Agile software development has transformed how software is created and delivered. It fosters collaboration, flexibility, and quick development cycles, making it appealing to many teams. However, Agile’s numerous advantages come with specific cybersecurity risks that developers must address. In this…

Read more →

In today’s interconnected society, the Internet of Things (IoT) has seamlessly integrated itself into our daily lives. From smart homes to industrial automation, the number of IoT devices continues to grow exponentially. However, along with these advancements comes the need…

Read more →

On July 11, 2023, Microsoft released details of a coordinated attack from threat actors, identified as Storm-0558. This state-sponsored espionage group infiltrated email systems in an effort to collect information from targets such as the U.S. State and Commerce Departments.…

Read more →

Tokens are essential for secure digital access, but what if you need to revoke them? Despite our best efforts, there are times when tokens can be compromised. This may occur due to coding errors, accidental logging, zero-day vulnerabilities, and other…

Read more →

Identity and access management (IAM) is fundamental to modern cybersecurity and operational efficiency. It allows organizations to secure their data, comply with regulations, improve user productivity, and build a strong foundation for trustworthy and successful business operations. A robust IAM…

Read more →

In today’s interconnected global marketplace, secure data transmission is more crucial than ever. As digital platforms become increasingly important for financial transactions and personal communications, ensuring the integrity and confidentiality of data is vital. If someone gets unauthorized access to…

Read more →

In the face of ever-changing threats and complex infrastructures, the zero-trust architecture represents an important transformation in our understanding and implementation of security. This innovative approach promises not only increased protection but also increased adaptability and efficiency in infrastructure management.…

Read more →

In today’s digital landscape, data privacy and accurate analytics are paramount for businesses striving to make informed decisions. Google Analytics 4 (GA4) brings a new dimension to data privacy and tracking methods, including cookie-less tracking and server-side tracking.  Growing worries…

Read more →

Code scanning for vulnerability detection for exposure of security-sensitive parameters is a crucial practice in MuleSoft API development.  Code scanning involves the systematic analysis of MuleSoft source code to identify vulnerabilities. These vulnerabilities could range from hardcoded secure parameters like…

Read more →

MQTT is a lightweight messaging protocol commonly used in IoT (Internet of Things) applications to enable communication between devices. As a popular open-source MQTT broker, EMQX provides high scalability, reliability, and security for MQTT messaging. By using Terraform, a widespread…

Read more →

MQTT is a lightweight messaging protocol used in the Internet of Things (IoT) to enable communication between devices. As a popular open-source MQTT broker, EMQX provides high scalability, reliability, and security for MQTT messaging. By using Terraform, a widespread Infrastructure…

Read more →

Starters are an integral part of the Spring Boot application. In addition to dependency versioning, they provide the ability to describe the configuration for a particular functionality. They gained their popularity due to the development of microservice architecture. When we…

Read more →

SaaS applications and services are at the core of today’s businesses, and a quick glance at the market indicates that this trend isn’t going to stop anytime soon. Gartner forecasts that SaaS spending will reach $197 billion in 2023, up…

Read more →

The Microsoft OpenXML files we use on a day-to-day basis are conveniently designed to be accessed and manipulated programmatically. We can jump into any OpenXML file structure in a variety of capacities (usually via specialized programming libraries or APIs) to…

Read more →