Category: DZone Security Zone

The ever-evolving cybersecurity landscape presents growing challenges in defending against sophisticated cyber threats. Managing security in today’s complex, hybrid/multi-cloud architecture compounds these challenges. This article explores the importance of demonstrating cybersecurity effectiveness and the role of Breach and Attack Simulation…

Read more →

In our contemporary cybersecurity landscape, sneaky custom content threats are beginning to penetrate our email security policies and firewalls/virus-scanning network proxies with greater consistency. Aptly disguised files can easily wind their way into our inboxes and our most sensitive file…

Read more →

Learn how to record SSH sessions on a Red Hat Enterprise Linux VSI in a Private VPC network using in-built packages. The VPC private network is provisioned through Terraform and the RHEL packages are installed using Ansible automation. What Is…

Read more →

Implementing a zero-trust framework is essential to any website’s security — everything must be verified and authenticated. It ensures data integrity and prioritizes safety for everyone involved, especially the users. The Relationship Between UX and Security Prioritizing security and nothing…

Read more →

To patch the Exchange Servers against known threats and fix bugs and vulnerabilities, Microsoft releases Cumulative and Security updates on a regular basis. These updates also provide new features, security patches, and various other fixes. Usually, the installation of these…

Read more →

As the cybersecurity landscape continues to evolve, the challenges associated with defending against cyber threats have grown exponentially. Threat vectors have expanded, and cyber attackers now employ increasingly sophisticated tools and methods. Moreover, the complexity of managing security in today’s…

Read more →

In the constantly shifting realm of cybersecurity, remaining ahead of emerging threats is no longer merely an aspiration but an imperative. With cyber adversaries continuously enhancing their skills and tenacity, businesses are progressively embracing cutting-edge technologies and inventive tactics to…

Read more →

“Mobile is becoming not only the new digital hub but also the bridge to the physical world.”– Thomas Husson, VP and Principal Analyst at Forrester Research Mobile devices have become an inevitable part of organizations’ strategies to do more with…

Read more →

September marks National Insider Threat Awareness Month (NITAM), an annual campaign dedicated to shedding light on the risks posed by trusted insiders. Whether employees, contractors, partners, or collaborators, these authorized individuals have the potential to intentionally or accidentally cause significant…

Read more →

In today’s increasingly digital world, securing your applications has become paramount. As developers, we must ensure that our applications are protected from unauthorized access and malicious attacks. One popular solution for securing Java applications is Spring Security, a comprehensive and…

Read more →

Privacy by Design (PbD) is an approach to systems engineering that aims to embed privacy into every stage of the development process and across the entire organization from day one. Privacy is too often overlooked or solely an afterthought. Policies…

Read more →

On August 21, 2023, security researcher and HackerOne Advisory Board Member Corben Leo announced on social media that he had “hacked a car company” and went on to post a thread explaining how he “gained access to hundreds of their codebases.”…

Read more →

Emerging technologies are unlocking new possibilities for gathering and leveraging data from personal devices to provide highly customized and contextualized user experiences. As Dr. Poppy Crum, CTO, and neuroscientist, highlighted in her Technology and Human Evolution presentation at TIBCO Next,…

Read more →

As businesses shift operations to the cloud, robust security is crucial. DDoS attacks pose significant threats to cloud-based services, aiming to disrupt infrastructure and cause downtime and financial losses. AWS Shield from Amazon Web Services provides comprehensive DDoS protection, fortifying…

Read more →

Developing secure APIs is crucial, but testing them thoroughly can be time-consuming and difficult without the right tools. A new offering called CodeSec from application security provider Contrast Security aims to make robust API security testing quick, accurate, and accessible…

Read more →

Gradle version catalogs allow us to add and maintain dependencies in an easy and scalable way. Apps grow, and managing projects with several development teams increases the compilation time. One potential solution to address this issue involves segmenting the project…

Read more →

When choosing a user authentication method for your application, you usually have several options: develop your own system for identification, authentication, and authorization, or use a ready-made solution. A ready-made solution means that the user already has an account on…

Read more →

In today’s digitally interconnected world, software plays an integral role in our daily lives. From online banking and e-commerce to healthcare and transportation, software applications are at the heart of our technological infrastructure. However, with the increasing reliance on software,…

Read more →

Enterprise security teams have had since 2015 to familiarize themselves with GraphQL API security. But many — if not most — still haven’t captured the security nuances of the popular open-source query language. Simply understanding GraphQL’s processes and vulnerable attack…

Read more →

At Black Hat 2023, Kemba Walden, Acting National Cyber Director at the White House, outlined a new national cybersecurity strategy aimed at strengthening defenses through workforce development and technology initiatives. For developers and technology professionals, this strategy has major implications,…

Read more →