Category: DZone Security Zone

MQTT is a lightweight messaging protocol used in the Internet of Things (IoT) to enable communication between devices. As a popular open-source MQTT broker, EMQX provides high scalability, reliability, and security for MQTT messaging. By using Terraform, a widespread Infrastructure…

Read more →

Starters are an integral part of the Spring Boot application. In addition to dependency versioning, they provide the ability to describe the configuration for a particular functionality. They gained their popularity due to the development of microservice architecture. When we…

Read more →

SaaS applications and services are at the core of today’s businesses, and a quick glance at the market indicates that this trend isn’t going to stop anytime soon. Gartner forecasts that SaaS spending will reach $197 billion in 2023, up…

Read more →

The Microsoft OpenXML files we use on a day-to-day basis are conveniently designed to be accessed and manipulated programmatically. We can jump into any OpenXML file structure in a variety of capacities (usually via specialized programming libraries or APIs) to…

Read more →

Previous Articles Volume 1 Volume 2 Volume 3 Volume 4 Volume 5 Volume 6 Volume 7 Volume 8 Volume 9 Volume 10 Volume 11 Volume 12 Topics Topic 1: Diagnose certificate-based authentication Topic 2: Differences between cockroach and psql clients…

Read more →

Since most security administrators have little insight into cloud-to-cloud connections, monitoring and protecting data throughout these communications is challenging. This article will examine the issue and potential remedies.  What Exactly Is a ‘Plug-In’ in a SaaS System? A plug-in SaaS…

Read more →

Over the past several years, Zero Trust Architecture (ZTA) has gained increased interest from the global information security community. Over the years, several organizations have adopted Zero Trust Architecture (ZTA) and experienced considerable security improvements. One such example is Google,…

Read more →

As the global community grapples with the urgent challenges of climate change, the role of technology and software becomes increasingly pivotal in the quest for sustainability. There exist optimization approaches at multiple levels that can help: Algorithmic efficiency: Algorithms that…

Read more →

In the rapidly evolving landscape of healthcare, Artificial Intelligence (AI) has emerged as a transformative force, promising to reshape the industry with its potential to improve diagnostics, personalize patient care, and streamline administrative tasks. AI Chatbots, like the UK-based Babylon…

Read more →

Are you looking to develop dynamic and secure web applications? If so, then C# (pronounced as “C sharp”) is a powerful programming language that can meet your requirements.  C# is widely used in web development due to its versatility, performance,…

Read more →

Data migration can be challenging due to the need to merge data from multiple sources into one consolidated new system, which can be both risky and time-consuming.  These issues can arise due to a lack of proper planning, inadequate migration…

Read more →

The failure to provide adequate security for software releases and delivery is becoming costlier day by day, and the impact is enormous: business disruption, lost sales, damaged reputations, frustrated users, and more. Security breaches can happen within any stage of…

Read more →

In this 15-minute lightning talk, Diptesh “Dips” Mishra, CTO for Shoal (a Standard Chartered Venture) talks about the governance challenges that financial services organizations face when they look to adopt DevSecOps. Dips has worked for Nationwide, Lloyds Banking Group, and…

Read more →

When enterprises select a SaaS provider for mission-critical applications, they are placing a bet on that product and vendor. Smart customers understand that they must minimize risks to their security and their business. Not surprisingly, many CISOs and security organizations…

Read more →

Istio’s virtual services and destination rules help DevOps engineers and cloud architects apply granular routing rules and direct traffic around the mesh. Besides, they provide features to ensure and test network resiliency so that applications operate reliably. In this article,…

Read more →

Single sign-on is a feature that allows users to access more than one application with the same credentials. This article shows how we can configure SSO using the WSO2 Identity Server. There is a cab company called Pickup that has…

Read more →

It’s a common belief among AWS users that Northern Virginia, also known as US East or N. Virginia (US-East-1), is the region with the least reliability when it comes to uptime. To verify this, we analyzed the AWS outage history…

Read more →

Maria Markstedter, founder of Azeria Labs and security researcher specialized in mobile and IoT security, was the opening keynote at BlackHat 2023 — Guardians of the AI Era: Navigating the Cybersecurity Landscape of Tomorrow. Markstedter provided an enlightening look at…

Read more →

HTTP headers are essential elements in the communication between clients (e.g., web browsers) and servers on the internet. They contain metadata, which is additional information about the client or the request being made. These headers allow clients and servers to…

Read more →

In the world of modern software development, meticulous monitoring and robust debugging are paramount. With the rise of reactive programming paradigms, Spring WebFlux has emerged as a powerful framework for building reactive, scalable, and highly performant applications. However, as complexity…

Read more →

In this post, we will learn about the steps involved in the process of configuring an HTTPS endpoint with one-way SSL for a Mule Application. Securing communication between clients and servers is essential in today’s digital world, and using HTTPS…

Read more →

The software supply chain has emerged as a prime target for cyberattacks in recent years, as evidenced by major incidents like SolarWinds and Log4Shell. To understand how IT teams can get ahead of supply chain threats, I spoke with two…

Read more →

Android app modularization refers to the process of breaking down an Android app into smaller, independent modules. These modules can be thought of as building blocks that can be combined to form the complete app. Each module is typically responsible…

Read more →

Privileged access management (PAM) is critical for securing sensitive systems and data, especially with remote work’s expanded attack surface. However, recent research by Keeper Security reveals significant barriers still inhibit broad PAM adoption. Cost and complexity top the list of…

Read more →

Our ever-increasing reliance on technology has made software security more crucial than ever. Business owners and individuals use software every day, and that isn’t changing any time soon.  Developers are responsible for creating software that can stand up against a…

Read more →

Time and again, we encounter stark reminders that every piece of software, no matter how widespread its use or how thoroughly it is reviewed, has the potential to harbor security vulnerabilities. A recent case in point is a security flaw…

Read more →

Everywhere you turn, data security is a major challenge for several organizations. This makes it difficult to ensure that data is reliable and accurate for use. This is why organizations must now take data preservation more seriously than they ever…

Read more →

APIs are the digital fabric connecting companies, partners, and customers. But increased reliance on APIs also introduces new security risks. I recently spoke with Michelle McLean, VP of Marketing at API security provider Salt Security during Black Hat 2023 about…

Read more →

We all know that data is being generated at an unprecedented rate. You may also know that this has led to an increase in the demand for efficient and secure data storage solutions that won’t break the bank. Edge data…

Read more →

In this article, we will discuss JWT Authentication in Angular 14 step-by-step. If you want to learn the basics and details of the JWT Token, then check out this article.  This article has been indexed from DZone Security Zone Read…

Read more →

In the rapidly evolving world of technology, software applications have become the backbone of modern society. From mobile apps that streamline our daily tasks to web-based platforms that connect us globally, these applications rely on seamless communication and data exchange.…

Read more →

Security and governance are two major blockers that either stop or delay the cloud journey of various customers. In this era of the digital world, almost everyone has shown their concerns about the security of their data. Some are concerned…

Read more →

A recent interview with Island’s founding team member Brian Kenyon at Black Hat 2023 sheds light on how the enterprise browser is poised to become a powerful platform for secure remote work. Island offers a version of the Chromium open-source…

Read more →

One of the most widely held misconceptions is that authorization and authentication are the same, or something your identity provider does. It also doesn’t help that certain authentication vendors blur the line by offering their versions of access controls. But,…

Read more →

A secret is any piece of information that you want to keep confidential, such as API keys, passwords, certificates, and SSH keys. Secret Manager systems store your secrets in a secure, encrypted format, and provide you with a simple, secure…

Read more →

As an average user, choosing the right software can be a challenge. However, how you deploy the software can make a significant difference in its effectiveness. The process of deploying software involves making a tool ready for use in a…

Read more →

Istio service mesh helps DevOps engineers and architects manage the network and security of distributed applications without touching the application code. In a previous blog, we explained How to get started with Istio in Kubernetes in 5 steps, where Istio’s…

Read more →

In this article, we are going to discuss JWT Token authentication and implementation using .NET Core API 6. Before looking into this blog, visit my previous blog: Introduction and Details about JWT Token Authentication and Authorization, to understand the basics…

Read more →

The urgency of securing vulnerable software infrastructure is at the heart of an ambitious new DARPA program — the AI Cyber Challenge (AIxCC). Through competitions engaging top security talent, AIxCC aims to spur innovative tools that automatically detect and patch…

Read more →

Our previous articles of this series explored various methods to safeguard IoT devices from cyberattacks, including encryption, authentication, and security protocols. However, it is crucial to acknowledge that regular updates and maintenance are equally vital to ensure the ongoing security…

Read more →

Although they are often conflated with each other, Authentication and Authorization, represent two fundamentally different aspects of security that work together in order to protect sensitive information. In this blog, we will go over some of the key differences between…

Read more →

Richmond, Virginia, has a vibrant and storied history. While Edgar Allan Poe is more associated with Baltimore, he actually grew up in Richmond, home to the Edgar Allan Poe Museum. Richmond was also home to Maggie Lena Walker, the first…

Read more →

Enterprises nowadays are keen on adopting a microservices architecture, given its agility and flexibility. Containers and the rise of Kubernetes — the go-to container orchestration tool — made the transformation from monolith to microservices easier for them. However, a new…

Read more →

In this article, we are going to discuss JWT Token authentication and implementation using .NET Core API 6. Before looking into this blog, visit my previous blog: Introduction and Details about JWT Token Authentication and Authorization, to understand the basics…

Read more →

Cloud security is a top priority for several organizations right now; no doubt about that. However, many companies still find themselves grappling in the dark when it comes to implementing effective cloud security controls. This article addresses challenges businesses might…

Read more →

If there’s one thing nearly all contemporary, interactive client-side web applications have in common, it’s a reliance on dynamic user-facing text input fields. These fields play the all-important role of capturing plain text data from client-side browsers and sharing that…

Read more →

ESXi hosts are the backbone of virtualization, serving as the foundation for running virtual machines and managing critical workloads and as such, ensuring the security of ESXi hosts is paramount to protect the entire virtual infrastructure. As virtualization technology continues…

Read more →

To say that the RSA Conference is one of the largest cybersecurity conventions in the world would be an understatement. This year the event attracted 40,000 participants. Tens of thousands of individuals showed up to learn about the latest updates…

Read more →

Deception technology is a cybersecurity tactic that involves setting traps for potential intruders with fabricated versions of valuable assets. An organization’s security teams are alerted when cybercriminals are lured by this method.  This approach shortens the time required to detect…

Read more →

Data engineers discovered the benefits of conscious uncoupling around the same time as Gwyneth Paltrow and Chris Martin in 2014.  Of course, instead of life partners, engineers were starting to gleefully decouple storage and compute with emerging technologies like Snowflake…

Read more →

The rapid adoption of cloud computing is no coincidence. Small and medium-sized businesses (SMBs) businesses are now presented with the opportunity to break free from the constraints of traditional IT infrastructure and enjoy the numerous benefits the cloud has to…

Read more →

In an increasingly interconnected world, the need for robust cybersecurity infrastructure resilience is now more critical than ever. Cyberattacks pose significant threats to nations, businesses, and individuals alike, with potentially devastating consequences. It is in this context that we can…

Read more →

We discussed the fundamentals of EVM, the need for EVM compatibility, and the general benefits in part I of the EVM compatibility chronicles. Now, let’s delve into and explore the significance of EVM compatibility for Humanode, and gain insights directly from MOZGIII,…

Read more →

Kubernetes has made it easier to manage containerized microservices at scale. However, you get a limited set of security features with Kubernetes. A key component of application security is the prevention of unauthorized access. Standards-based identity and access management (IAM)…

Read more →

When I was a teenager, our local telephone company introduced a new service — the premium phone calls (AKA 1-900 numbers). The fun part was that we discovered a workaround to these charges by dialing the sequential local numbers, which…

Read more →

Modern software demands speed, security, and scale. Ultraviolet is meeting these needs through a developer-focused approach that multiplies productivity while reducing complexity. At BlackHat 2023, Ultraviolet CTO Jake Groth outlined how the company leverages microservices, “as code” methodologies, and developer-created…

Read more →

Web development is a pillar of contemporary commercial success in the digital world. How a website functions and appears directly influences user experience and, consequently, a company’s triumph in the competitive online realm. Web developers hold the keys to maximizing…

Read more →

In today’s fast-paced software development landscape, organizations need to provide their internal development teams with the tools and infrastructure necessary to excel. Internal developer platforms have emerged as a powerful solution that enables companies to streamline their software development processes…

Read more →

Dive deep into the DevOps world and explore the best practices that can help organizations achieve success in their release processes! Software development and operations have become increasingly intertwined in today’s fast-paced and technology-driven world. DevOps has emerged as a…

Read more →

Security continues to be one of the most important aspects of web3. As a developer, you should be securing your smart contracts by ensuring that testing — specifically a wide variety of testing — is integrated into your smart contract…

Read more →

When exposing an application to the outside world, consider a Reverse-Proxy or an API Gateway to protect it from attacks. Rate limiting comes to mind first, but it shouldn’t stop there. We can factor many features in the API Gateway…

Read more →

Infrastructure as Code (IaC) has emerged as a pivotal practice in modern software development, enabling teams to manage infrastructure resources efficiently and consistently through code. This analysis provides an overview of Infrastructure as Code and its significance in cloud computing…

Read more →

Increasing adoption of SaaS Applications and Web Based solutions created a demand for data and resource sharing. Cloud computing provides a combination of infrastructure, platforms, data storage, and software as services. It has replaced grid computing over the years and…

Read more →

Many companies strive to adopt the DevOps approach for software development and delivery. Alongside this, they face increasing security challenges, leading to the implementation of new innovative software development methods. The need for security in the software deployment process is…

Read more →

Cybersecurity threats are real, and with the enhanced proliferation of digitization in the business landscape today, websites have become an integral part of business communication with customers and partners. Therefore, companies look for new and secure ways to protect their…

Read more →

We all want to deliver quality experiences to our customers. Before we can ensure a quality experience for our customers, it is essential to establish a clear definition of quality specific to the product we are developing. Once established, embracing…

Read more →

In the video below, we will cover real-life considerations when working with dependencies in Java: How to find and trust the right dependencies How to consistently keep them updated How to protect against vulnerabilities How to handle team backlash against…

Read more →

A robust digital presence is essential in today’s business landscape. Web development evolves constantly with new frameworks and libraries for dynamic web applications. These platforms connect with your audience and boost business productivity. Embracing these advancements is vital for success…

Read more →

In recent years, cloud computing has emerged as a game-changer for businesses of all sizes. The ability to store and access data and applications over the internet has revolutionized the way companies operate, enabling them to be more agile, efficient,…

Read more →

Welcome to the world of Javascript development, where building, testing, and deploying applications can be complex and time-consuming. As developers, we strive to automate these tasks as much as possible, and that’s where npm scripts come in. npm scripts are…

Read more →

In today’s data-driven world, Customer Data Platforms (CDPs) play a pivotal role in helping businesses harness and utilize customer data effectively.   These platforms consolidate data from various sources, providing valuable insights into customer behavior and preferences. They enable businesses to comprehensively understand their customers, facilitating targeted marketing…

Read more →

Consistently in the top rankings of the TIOBE index for the past two decades, and with a current TIOBE ranking of 4, Java has proved to be one of the most popular programming languages even after more than 25 years…

Read more →

In today’s constantly evolving digital landscape, staying ahead of the competition requires organizations to innovate continuously. Additionally, delivering high-quality software at an accelerated pace has become essential. This is where DevOps comes into play. DevOps, short for Development and Operations,…

Read more →

Software supply chain security is a threat area that was popularized by SolarWinds and Log4j. For the first time there was widespread awareness of how exploiting popular software artifacts (libraries, frameworks, etc.) can give hackers entry, where they can then…

Read more →

Platform teams are an integral part of an IT solution delivery organization.  Every IT organization has a way of structuring its platform team based on its context and multiple considerations, including alignment with the Development or Operations of other units,…

Read more →

With the ever-increasing amount and variety of data, constantly growing regulations and legislation requirements, new capabilities and techniques to process the data, to become a data-driven organization, CIBC goes through enormous changes in all aspects of leveraging, managing, and governing…

Read more →

On March 20th, 2023, OpenAI took down the popular generative AI tool ChatGPT for a few hours. It later admitted that the reason for the outage was a software supply chain vulnerability that originated in the open-source in-memory data store…

Read more →

The universe of web improvement has gone through a beautiful development since its initial days during the commencement of the web. The method involved with creating and overseeing sites and online applications has gone through astounding progressions, molding the computerized…

Read more →

There have been major advances made in the use of machine learning models in a variety of domains, including natural language processing, generative AI, and autonomous systems, to name just a few. On the other hand, as the complexity and…

Read more →

Choosing the right data solution for your business can be a challenging process because there’s a wide selection of them, and even the same data can be processed and packaged differently. I’m here to help you understand when you should…

Read more →

As businesses aim to provide personalized experiences to their customers, they are increasingly integrating connected IoT devices into their operations. However, as the IoT ecosystem expands, protecting data from malicious individuals who may try to access and misuse personal information…

Read more →

OpenTelemetry (OTel) is an open-source standard used in the collection, instrumentation, and export of telemetry data from distributed systems. As a framework widely adopted by SRE teams and security teams, OTel is more than just one nice-to-have tool among many;…

Read more →

Nowadays, most people take it as a fact that the software we use daily is secure, and that is not really representative of the reality we live in in the software industry. A lot of the software on the market…

Read more →

Running tests is the necessary evil. I have never heard two or more engineers at the water cooler talking about the joys of test execution. Don’t get me wrong, tests are great; you should definitely have plenty of them in…

Read more →

With the COVID-19 outbreak, the e-commerce industry experienced significant growth, as the demand for online sales increased exponentially. With the decrease in live sales, multiple organizations, which ignored the online world or just hadn’t prioritized this marketing and sales channel…

Read more →

In the dynamic environment of software development, effective management of dependencies between pull requests (PRs) is pivotal to enabling smooth collaboration and seamless code integration.  But let’s face it, juggling dependencies manually can be a real challenge! This article has…

Read more →

If you work in software development, or indeed within any sector of the technology industry, you will have undoubtedly been part of discussions about, read headlines on, or even trialed a platform for generative artificial intelligence (AI). Put simply, this…

Read more →

The hype around blockchain technologies may have quieted, but the builders are still building. The toughest technical problems that kept blockchain from mass adoption over the past few years—slow and expensive transactions—are being solved by layer 2s. zkEVMs, and Linea…

Read more →

If we look at the banking market (7.5 trillion euro in 2022) and insurance ($5.6 trillion in 2022) applications, we will find it very regulative. Responsibility to act with personal data securely leads many companies to have a private cloud…

Read more →

Understanding the Need for Enhanced Security and Compliance In today’s digital world, data security, and privacy have become top priorities for businesses. With the increasing threat of cyberattacks and data breaches, it’s no longer enough to rely on traditional security…

Read more →

Amidst the rapid advancements in the utility and energy industry, where demands continually escalate, the role of IT operations has grown significantly, requiring enhanced capabilities to ensure seamless operations. The global IT operations and service management market is expected to…

Read more →

This article delves into additional authentication methods beyond those covered in previous articles. Specifically, we will explore token-based authentication and OAuth 2.0, explaining their concepts and demonstrating their implementation in MQTT. This article has been indexed from DZone Security Zone…

Read more →

Introduction to Biometrics Biometrics measures and analyses an individual’s physical and behavioral characteristics. It is a technology used for proper identification and access control of people under surveillance. The theory of biometric authentication is that everybody can be accurately identified…

Read more →

The importance of secure web applications can never be overstated. Protecting sensitive user data and making sure proper authentication is in place are essential whether you’re creating a straightforward blog or a sophisticated corporate solution. This is where the potent…

Read more →

In previous posts, we introduced that through the Username and Password fields in the MQTT CONNECT packet, we can implement some simple authentication, such as password authentication and token authentication. This article will delve into a more advanced authentication approach…

Read more →

I have already described how to secure a Spring Boot 2-based REST API with Keycloak here. Today, I would like to create a separate text with the same topic but for Spring Boot 3 — a newer, shiner version of…

Read more →

Veteran engineers likely remember the days of early software development, when software releases were delayed until they included all desired code complete features. This method resulted in extremely long wait times for users, not to mention security concerns and errors…

Read more →

In today’s world, databases are valuable repositories of sensitive information, and attackers are always on the lookout to target them. This has led to a rise in cybersecurity threats, making it essential to have proper protection measures in place. Oracle…

Read more →

The digital-first era has undoubtedly broadened the horizons of possibilities but has eventually increased the threat vector and created new vulnerabilities.  Whether we talk about phishing attacks or modern brute-force attacks where individuals’ identities are compromised, ignoring the importance of…

Read more →

Data Platform Evolution Initially, data warehouses served as first-generation platforms primarily focused on processing structured data. However, as the demand for analyzing large volumes of semi-structured and unstructured data grew, second-generation platforms shifted their attention toward leveraging data lakes. This resulted in…

Read more →