Category: DZone Security Zone

This article provides a brief overview of techniques that can be used in your mobile iOS application to keep it secure enough for the vast majority of cases. If you are a junior or middle iOS developer and have not…

Read more →

Cloud computing has revolutionized software organizations’ operations, offering unprecedented scalability, flexibility, and cost-efficiency in managing digital resources. This transformative technology enables businesses to rapidly deploy and scale services, adapt to changing market demands, and reduce operational costs. However, the transition…

Read more →

Creating an OAuth 2.0 Authorization Server from scratch involves understanding the OAuth 2.0 framework and implementing its various components, such as the authorization endpoint, token endpoint, and client registration. In this detailed guide, we’ll walk through building a simple OAuth…

Read more →

When superior performance comes at a higher price tag, innovation makes it accessible. This is quite evident from the way AWS has been evolving its services:  gp3, the successor of gp2 volumes: Offers the same durability, supported volume size, max IOPS…

Read more →

Last week, we listed 16 practices to help secure one’s APIs and described how to implement them with Apache APISIX. Authentication: Verifies the identity of users accessing APIs. Authorization: Determines permissions of authenticated users. Data Redaction: Obscures sensitive data for…

Read more →

Generative AI (GenAI) represents a significant leap in artificial intelligence, enabling the creation of novel and realistic data, from text and audio to images and code. While this innovation holds immense potential, it also raises critical concerns regarding data security…

Read more →

Editor’s Note: The following is an article written for and published in DZone’s 2024 Trend Report, The Modern DevOps Lifecycle: Shifting CI/CD and Application Architectures. Software supply chains (SSCs) have become a prevalent topic in the software development world, and for…

Read more →

Developers need feedback on their work so that they know whether their code is helping the business. They should have “multiple feedback loops to ensure that high-quality software gets delivered to users”[1]. Development teams also need to review their feedback…

Read more →

There are several steps involved in implementing a data pipeline that integrates Apache Kafka with AWS RDS and uses AWS Lambda and API Gateway to feed data into a web application. Here is a high-level overview of how to architect this…

Read more →

Digital security has become a significant worry for organizations of different sizes in today’s fast-paced world. With the rate at which digital threats continue to develop, enhancing security measures is very important to protect vulnerable data and infrastructure. This defense…

Read more →

As Managed Service Providers (MSPs) continue to play a crucial role in managing IT services for businesses, understanding the landscape of cybersecurity threats becomes paramount. The year 2024 is no exception, with cybercriminals employing more sophisticated methods to breach defenses.…

Read more →

Critical Infrastructure Protection is the need to safeguard a nation/region’s important infrastructures, such as food, agriculture, or transportation. Critical infrastructures include transportation systems, power grids, and communication systems. Critical infrastructure protection is important to communities because any damage to these…

Read more →

In fintech application mobile apps or the web, deploying new features in areas like loan applications requires careful validation. Traditional testing with real user data, especially personally identifiable information (PII), presents significant challenges. Synthetic transactions offer a solution, enabling the…

Read more →

Have you authorized an application to access Salesforce without giving your credentials to that application? Then, you must have used a Salesforce OAuth authorization flow. OAuth is a standard for authorization. Salesforce uses several OAuth flows, and all these flows…

Read more →

In today’s digital age, the proliferation of Deepfake technology and voice phishing (vishing) tactics presents a significant challenge to the authenticity and security of digital communications. Deepfakes manipulate audio and video to create convincing counterfeit content, while vishing exploits voice…

Read more →

Concerns about internet privacy and security are more common than ever in the quickly changing digital environment. As individuals and organizations participate in a variety of online activities, the necessity to protect sensitive information has resulted in the widespread use…

Read more →

SQL injection remains one of the most pernicious forms of security vulnerabilities facing databases today. This attack method exploits security weaknesses in an application’s software by injecting malicious SQL statements into an execution field. For databases hosted on Amazon RDS…

Read more →

In the rapidly evolving world of cloud-native technologies, Kubernetes has emerged as the de facto orchestration tool, enabling businesses to deploy, manage, and scale containerized applications with unparalleled efficiency. However, as the complexity of deployments grows, ensuring compliance and governance…

Read more →

Statelessness in RESTful applications poses challenges and opportunities, influencing how we manage fundamental security aspects such as authentication and authorization. This blog aims to delve into this topic, explore its impact, and offer insights into the best practices for handling…

Read more →

Welcome to the final step in creating your Collectibles portal! (for part 1, see here). In this part, we’ll focus on building the front end — the last piece of the puzzle. Here’s what we’ll achieve: This article has been…

Read more →

Docker images play a pivotal role in containerized application deployment. They encapsulate your application and its dependencies, ensuring consistent and efficient deployment across various environments. However, security is a paramount concern when working with Docker images. In this guide, we…

Read more →

Web applications have become deeply integrated into business operations and everyday life. However, this reliance also introduces major security risks if applications are not properly coded and configured. Implementing secure coding practices is, therefore, essential for any web application. Not…

Read more →

In today’s world, where everything is connected to the internet, cybersecurity is more significant than ever. Cyberattacks can cause serious damage to individuals, businesses, and governments by stealing data, disrupting services, or compromising systems. To prevent these attacks, we must…

Read more →

A couple of months ago, I stumbled upon this list of 16 practices to secure your API: Authentication: Verifies the identity of users accessing APIs. Authorization: Determines permissions of authenticated users. Data redaction: Obscures sensitive data for protection. Encryption: Encodes data…

Read more →

AI is rapidly changing the way that people develop and build their own apps, automation, and copilots, helping enterprises improve efficiency and outputs without further straining IT and the help desk. While this is leveling the playing field for software…

Read more →

Who doesn’t want to be treated as a safe, trustworthy, and reliable business? It’s hard to find anybody in the IT or cybersecurity area who would say that they don’t. That is the reason why everybody who works with data…

Read more →

With a rapidly increasing reliance on online networks, cloud computing, and online data storage, companies must strengthen their cybersecurity procedures. As the cyber terrain grows, so does the onslaught of cyber threats that put companies at risk of data breaches,…

Read more →

DevSecOps, short for Development, Security, and Operations, is an approach to software development that integrates security practices into the DevOps (Development and Operations) process. The main goal of DevSecOps is to ensure that security is an integral part of the…

Read more →

In this article, we’ll talk about fine-grained access control in DB2 – hiding data that is, in fact, present in the database, but should not be accessible to certain users. Fine-grained access control is usually done in the database itself…

Read more →

Cybersecurity threats are acts performed by people with hurtful expectations, whose objective is to take information, do harm or disrupt computing systems. Normal classes of cyber threats include malware, social engineering, man-in-the-middle (MitM) attacks, denial of service (DoS), and injection…

Read more →

< div> In the fast-paced digital landscape, where connectivity is paramount, the need for robust cybersecurity measures in networking has never been more critical. This article delves into the latest trends and best practices in cybersecurity, aiming to provide insights…

Read more →

I started research for an article on how to add a honeytrap to a GitHub repo. The idea behind a honeypot weakness is that a hacker will follow through on it and make his/her presence known in the process.  My…

Read more →

The rapid advancement of artificial intelligence (AI) in cybersecurity has been widely celebrated as a technological triumph. However, it’s time to confront a less discussed but critical aspect: Is AI becoming more of a liability than an asset in our…

Read more →

In the rapidly evolving world of blockchain technology, building decentralized applications (dApps) presents a unique opportunity for developers to explore the potential of Ethereum and smart contracts. This article aims to guide you through the process of creating a simple…

Read more →

The NIST AI RMF (National Institute of Standards and Technology Artificial Intelligence Risk Management Framework) provides a structured framework for identifying, assessing, and mitigating risks associated with artificial intelligence technologies, addressing complex challenges such as algorithmic bias, data privacy, and…

Read more →

Cloud services have transformed organizational approaches to security, presenting a range of tools and features to strengthen defenses against evolving threats. This study examines the multifaceted involvement of cloud service providers in enhancing security through Anti-CSRF tokenization and the establishment…

Read more →

Have you ever wondered what gives the cloud an edge over legacy technologies? When answering that question, the obvious but often overlooked aspect is the seamless integration of disparate systems, applications, and data sources. That’s where Integration Platform as a…

Read more →

SIEM solutions didn’t work perfectly well when they were first introduced in the early 2000s, partly because of their architecture and functionality at the time but also due to the faults in the data and data sources that were fed…

Read more →

Setting up robust network security in Kubernetes is a challenge that demands both precision and adaptability. NetworkPolicy offers the potential for highly specific network configurations, enabling or blocking traffic based on a comprehensive set of criteria. However, the dynamic nature…

Read more →

In the last few years, many organizations from various industries, including retail, media, healthcare, automotive, finance, aviation, real estate, etc., have been affected by security incidents or data breaches. Q2 2023 saw 2.6 times more data breaches than Q1 2023.…

Read more →

Any organization with interconnected systems must prioritize integration security in order to safeguard sensitive business and customer information. But with so many options for securing integrations, picking the right combination of features and protocols could make or break your security.…

Read more →

The era of digital transformation has ushered in a new dimension of data management challenges, with businesses of all sizes grappling with how to safeguard their critical data assets. Amid this backdrop, hybrid cloud backup has emerged as a pivotal…

Read more →

Security is an important aspect of any software application. Often, it is the least priority and is overlooked while designing a system. The main focus is emphasized on functional and non-functional requirements to design our system for end users. However,…

Read more →

How Secure Cloud Development Addresses the Challenge of Working Securely With Remote Teams The landscape of software development is constantly changing, and secure Cloud Development Environments (CDEs) have brought about a remarkable transformation in secure project management and execution when…

Read more →

Kubernetes is a robust container orchestration technology that is extensively used for containerized application deployment, scaling, and management. While Kubernetes provides a number of capabilities for protecting containerized workloads, it is critical to understand and handle numerous security aspects in…

Read more →

Amazon Web Services (AWS) Relational Database Service (RDS) simplifies the setup, operation, and scaling of a relational database in the cloud. It provides cost-efficient and resizable capacity while automating time-consuming administration tasks such as hardware provisioning, database setup, patching, and…

Read more →

IoT has ushered in an era of unprecedented connectivity and data collection. IoT edge devices, ranging from sensors to industrial machines, have become integral to various industries, offering insights, automation, and efficiency. However, managing a large number of these edge…

Read more →

In this tutorial, we’ll learn how to build a website for collecting digital collectibles (or NFTs) on the blockchain Flow. We’ll use the smart contract language Cadence along with React to make it all happen. We’ll also learn about Flow,…

Read more →

Data, often referred to as the lifeblood of modern businesses, enables organizations to embrace innovations that further enhance productivity. However, harnessing this power comes with great risks. Increasing reliance on data being collected comes with the challenges of safeguarding this…

Read more →

Many government bodies have historically been averse to open-source software (OSS). Now that OSS has gained popularity and shown what it can do in the private sector, that’s changing. The open-source movement holds significant potential for public agencies, too, especially…

Read more →

In the digital age, the security landscape is continually evolving, with malicious actors developing and deploying a variety of sophisticated malware to exploit systems, steal data, and disrupt operations. Understanding the diverse array of malware types is crucial for individuals,…

Read more →

Year by year, artificial intelligence evolves and becomes more efficient for solving everyday human tasks. But at the same time, it increases the possibility of personal information misuse, reaching unprecedented levels of power and speed in analyzing and spreading individuals’…

Read more →

In the paradigm of zero trust architecture, Privileged Access Management (PAM) is emerging as a key component in a cybersecurity strategy, designed to control and monitor privileged access within an organization. This article delves into the pivotal role of PAM…

Read more →

The Open Worldwide Application Security Project is an online community that produces freely available articles, methodologies, documentation, tools, and technologies in the fields of IoT, system software and web application security. The OWASP provides free and open resources. It is…

Read more →

The term ‘security posture” is used to describe the state of an organization’s overall security and response readiness. Multiple solutions are emerging that aggregate findings to provide a holistic view of enterprise security risks. Security posture can also be seen…

Read more →

In this blog, I would like to share a few best practices for creating highly secure applications in Mule 4 (security at various levels/layers — application, data, etc.) for all deployment options. Most of the configuration details (relevant to security)…

Read more →

The continuous upgrades in the landscape of web development are empowering software developers every day with all the leverage they need to enhance performance, improve efficiency, and create richer user experiences across various domains. Enter WebAssembly (Wasm), a game-changing technology…

Read more →

Data security and privacy are one of the top priorities for organizations and their clients in the current digital era. Industry standards and regulatory frameworks have been developed to make sure that businesses manage sensitive data appropriately. The SOC (System…

Read more →

This article underscores the vital role of data in the creation of applications that deliver precise outputs aligned with business requirements. To architect and cultivate an application that yields precise outputs in alignment with business requirements, paramount emphasis must be…

Read more →

Composability in blockchains refers to a framework that permits the interaction and interconnection of discrete elements, especially smart contracts. This kind of modular ecosystem is important as it helps programmers utilize existing components to build advanced systems very quickly. In…

Read more →

In today’s digital age, data is the lifeblood of small and medium-sized businesses (SMBs). Whether it’s customer records, financial data, or intellectual property, the loss of critical information can be disastrous. To safeguard against such potential disasters, SMBs must invest…

Read more →

What Is Patch Management? Patch management is a proactive approach to mitigate already-identified security gaps in software. Most of the time, these patches are provided by third-party vendors to proactively close the security gaps and secure the platform, for example.…

Read more →

User experience stands at the forefront of technological advancements in the rapidly evolving modern business landscape.  Admit it; if your platform isn’t offering a seamless experience to your targeted audience and you fail to create an impression when a user…

Read more →

The evolution of web application deployment demands efficient canary release strategies. In the realm of canary releases, various solutions exist. Traditional “big bang” deployments for web applications pose significant risks, hindering rapid innovation and introducing potential disruption. Canary deployments offer…

Read more →

Remote Developers Are Part of the Liquid Workforce The concept of a liquid workforce (see Forbes, Banco Santander, etc.) is mostly about this: A part of the workforce is not permanent and can be adapted to dynamic market conditions. In…

Read more →

Data lineage is the tracking and visualization of the flow and transformation of data as it moves through various stages of a data pipeline or system. In simpler terms, it provides a detailed record of the origins, movements, transformations, and…

Read more →

At the moment, there is a constantly increasing number of smart video cameras collecting and streaming video throughout the world. Of course, many of those cameras are used for security.  In fact, the global video surveillance market is expected to…

Read more →

Software development is a complex and dynamic field requiring constant input, iteration, and collaboration. The need for reliable, timely, and high-quality solutions has never been higher in today’s fiercely competitive marketplace. Enter DevOps, a revolutionary approach that serves as the…

Read more →

We already know that Kubernetes revolutionized cloud-native computing by helping developers deploy and scale applications more easily. However, configuring Kubernetes clusters so they are optimized for security, efficiency, and reliability can be quite difficult. The 2024 Kubernetes Benchmark Report analyzed over…

Read more →

Managing data across complex on-premise, multi-cloud, and SaaS environments is an increasingly difficult challenge for technology developers, engineers, and architects. With data now spread across over 200 silos on average, most organizations are struggling to protect business critical information residing…

Read more →

DLP, or Data Loss Prevention, is a proactive approach and set of technologies designed to safeguard sensitive information from unauthorized access, sharing, or theft within an organization. Its primary goal is to prevent data breaches and leaks by monitoring, detecting,…

Read more →

The evolving nature of technology, increased data volumes, novel data regulations and compliance standards, and changing business landscapes in the last decade are resulting in data chaos and inconsistency for many enterprises, and that is resulting in enterprises going towards…

Read more →

Digital transformation is the goal of each business in the retail industry today. It is the tool used by various businesses across the world to understand and modify their business models. A digital transformation is a strategic approach through which…

Read more →

Cloud computing has transformed software development and management, facilitating unparalleled scalability, flexibility, and cost efficiency. Nevertheless, this paradigm change has faced challenges, primarily legal and compliance issues. Data, services, and infrastructure often reside in a nebulous space, not directly owned…

Read more →

With growth comes more compliance responsibilities. Larger user bases attract the risk of data breaches, with malicious actors paying more attention to companies that are on the rise. Regulatory frameworks like GDPR, Quebec Law 25, and the India Data Protection…

Read more →

Welcome back to this series where we have been learning how to build web applications with AI. So far in this series, we’ve created a working app that uses AI to determine who would win in a fight between two…

Read more →

Data de-identification is a necessary exercise healthcare institutions and organizations dealing with personally identifiable information must implement. With the help of data de-identification software, it has become easier to mask personal data that can put an individual at risk.  De-identifying…

Read more →

SIEM stands for Security Information and Event Management.  SIEM platforms offer centralized management of security operations, making it easier for organizations to monitor, manage, and secure their IT infrastructure. SIEM platforms streamline incident response processes, allowing security teams to respond…

Read more →

In a recent announcement, Pinterest revealed its successful migration from HTTP/2 to HTTP/3. This marked a significant improvement in its networking infrastructure. The aim was to enhance the user experience and improve critical business metrics by leveraging the capabilities of…

Read more →

For years, data governance has been obsessed with a metric that feels more like accounting than strategic decision-making: coverage. Data Governance tool vendors educated a generation of governance professionals to diligently track the percentage of documented data, chasing a completion…

Read more →

Embedded systems are at the core of our modern-age technology, powering everything from smart electronic devices to connected applications. These systems have become crucial in various industries enabling advanced applications. However, the security of these devices has become a major…

Read more →

Whether or not you’re caught up in the NFT hype, as a software engineer, staying abreast of recent innovations is crucial. It’s always fascinating to delve into the technologies underpinning such trendy features. Typically, I prefer to let the dust…

Read more →

The Internet of Things (IoT) has rapidly expanded the landscape of connected devices, revolutionizing industries ranging from healthcare to manufacturing. However, as the number of IoT devices continues to grow, so do the security challenges. One crucial aspect of IoT…

Read more →

In the age of information, “data is treasure.” With trillions of datasets encapsulating the world, data is fragile. Safeguarding data is imperative, and data governance ensures data is managed, safe, and in compliance. Data Governance Data governance overlooks data. It…

Read more →

Cloud computing has transformed how businesses access and manage their data and apps. With the growing complexity of cloud-based ecosystems, faster access and increased security are critical. Single Sign-On (SSO) becomes a game changer in this situation. We will look…

Read more →

The Trusted Platform Module (TPM) is an important component in modern computing since it provides hardware-based security and enables a variety of security features. TPM chips have grown in relevance in both physical and virtual contexts, where they play a…

Read more →

In an era where digitalization permeates every facet of our lives, the interplay between technology, society, and regulations becomes increasingly critical. As we navigate through a world brimming with data, understanding the evolving landscape of data protection is not just…

Read more →

In the ever-evolving landscape of digital innovation, the integrity of software supply chains has become a pivotal cornerstone for organizational security. As businesses increasingly rely on a complex web of developers, third-party vendors, and cloud-based services to build and maintain…

Read more →

Over the past few years, AI has steadily worked its way into almost every part of the global economy. Email programs use it to correct grammar and spelling on the fly and suggest entire sentences to round out each message. Digital…

Read more →

PII and Its Importance in Data Privacy In today’s digital world, protecting personal information is of primary importance. As more organizations allow their employees to interact with AI interfaces for faster productivity gains, there is a growing risk of privacy breaches and…

Read more →

Extended Berkeley Packet Filter (eBPF) is a programming technology designed for the Linux operating system (OS) kernel space, enabling developers to create efficient, secure, and non-intrusive programs. Unlike its predecessor, the Berkeley Packet Filter (BPF), eBPF allows the execution of…

Read more →

Websites and web applications are more than just digital interfaces; they are gateways through which sensitive data, personal information, and critical business operations flow. As such, ensuring their security is paramount. The landscape of cybersecurity is not static; it’s a…

Read more →

Who said that there is no link between backup and compliance? Why should you have a compliant backup? What is more, why a Disaster Recovery is an inalienable part of a company’s compliance? What place here is given to Disaster…

Read more →

This article discusses a new approach to detecting guns in educational institutions by leveraging visual and auditory cues. The system below combines YOLOv7 for image recognition and pyAudioAnalysis for audio analysis to identify guns visually and discern gun-related sounds. The…

Read more →

The National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) stands as a beacon of guidance for organizations navigating the intricate landscape of cybersecurity. In an era where cloud computing has become integral to software development, the fusion of…

Read more →

To get started, we are going to take an example of a typical three-layer app to analyze the module boundaries and the challenges faced in managing them. This specific architecture has been intentionally chosen, assuming that it is familiar to…

Read more →

Few technologies have had as deep an influence as Bluetooth in a world where continuous connection has become a fundamental part of our everyday lives. Bluetooth has quietly revolutionized the way we connect and interact wirelessly, from our headphones to…

Read more →

This new era is characterized by the rise of decentralized applications (DApps), which operate on blockchain technology, offering enhanced security, transparency, and user sovereignty. As a full-stack developer, understanding how to build DApps using popular tools like Node.js is not…

Read more →

Public clouds are designed for everyone but there are a lot of customers that need a private version of the cloud. Sometimes, they need physically isolated data centers and networks located in their own country. These private clouds offer Platform-as-a-Service…

Read more →

The use of Cloud Development Environments (CDEs) allows the migration of coding environments online. Solutions range from using a self-hosted platform or a hosted service. In particular, the advantage of using CDEs with data security, i.e., secure Cloud Development Environments,…

Read more →