Tag: DZone Security Zone

With the increasing use of Open GPTs in industries such as finance, healthcare, and software development, security concerns are growing. Unlike proprietary models, open-source GPTs allow greater customization but also expose organizations to various security vulnerabilities. This analysis explores real-world…

Read more →

Privacy-preserving techniques are keeping your data safe in the age of AI. In particular, federated learning (FL) keeps data local, while differential privacy (DP) strengthens individual privacy. In this article, we will discuss challenges associated with this, practical tools, and…

Read more →

Have you heard of the new OWASP Top 10 for Large Language Model (LLM) Applications? If not, you’re not alone. OWASP is famous for its “Top 10” lists addressing security pitfalls in web and mobile apps, but few realize they’ve…

Read more →

The Open Worldwide Application Security Project, OWASP, has just released its top 10 non-human identities risks for 2025. While other OWASP resources broadly address application and API security, none focus specifically on the unique challenges of NHIs. This new document…

Read more →

Any modern application is centered around APIs. They drive mobile applications, link business systems, and deliver new digital experiences. However, the convenience has its own risks — attackers often use APIs to break into systems. Basic security steps like authentication…

Read more →

Traditional authentication methods — passwords, centralized databases, and third-party identity providers — are plagued by security breaches, identity theft, and data privacy concerns. Blockchain-based authentication offers a decentralized, tamper-proof, and more secure alternative.   In this deep dive, we’ll explore:…

Read more →

Would you rather have determined that you are in fact secure, or are you willing to accept that you are “probably” doing things securely? This might seem like a silly question on the surface, after all, audits don’t work on…

Read more →

In this blog, we will take a closer look at Spring Security, specifically in combination with Keycloak using OpenID Connect, all supported with examples and unit tests. Enjoy! Introduction Many applications are supported by means of authentication and authorization. However,…

Read more →

Series reminder: This series explores how explainability in AI helps build trust, ensure accountability, and align with real-world needs, from foundational principles to practical use cases. Previously, in Part VII: SHAP: Bringing Clarity to Financial Decision-Making. This article has been indexed from…

Read more →

Enterprise cloud architecture demands sophisticated orchestration of infrastructure, configuration, and workload management across diverse computing platforms. The traditional approach of manual provisioning and siloed tool adoption has become a bottleneck for organizations seeking cloud-native agility while maintaining operational excellence. This…

Read more →

In the previous articles of this series, we explored the importance of data governance in managing enterprise data effectively (Part 1), how BigID supports data governance, particularly for data privacy, security, and classification (Part 2), and the role of Data…

Read more →

The digital infrastructure we’ve built resembles a house of cards. One compromised dependency, one malicious commit, one overlooked vulnerability and the entire edifice comes tumbling down. In March 2024, security researchers discovered something terrifying: a backdoor lurking within XZ Utils,…

Read more →

Container security is all about making sure you run an image that is exceptionally low in vulnerability and malware. I would love to say having zero vulnerabilities, but it is rarely possible in the real world. In the worst case,…

Read more →

“We recently purchased a Zero Trust solution.”  A statement like that makes even the most seasoned security experts cringe. Zero Trust is a ubiquitous notion in 2025, appearing in product packaging, seminars, and sales presentations. However, the fundamental idea is…

Read more →

Modern automation frameworks have come a long way—Playwright, Cypress, RestAssured, Cucumber, and Selenium enable teams to run sophisticated end-to-end validations across browsers and services. But under all that progress lies a risk that’s still alarmingly common: secrets hardcoded into test…

Read more →

This article demonstrates how a critical Trivy SBOM generation fix (PR #9224) can be scaled into an enterprise GenAI-powered platform, delivering comprehensive DevSecOps automation and millions in cost savings. We will explore the technical implementation from core dependency resolution improvements…

Read more →

Many times, while developing at work, I needed a template for a simple application from which to start adding specific code for the project at hand. In this article, I will create a simple Java application that connects to a…

Read more →

Do you have a use case where you want to implement a network firewall in IBM Cloud VPC that filters traffic based on hostname? For example, you may want to allow connections only to www.microsoft.com and www.apple.com, while blocking access…

Read more →

Series Overview This article is Part 2.3 of a multi-part series: “Development of system configuration management.” The complete series: This article has been indexed from DZone Security Zone Read the original article: Development of System Configuration Management: Handling Exclusive Configurations…

Read more →

I constantly have thoughts buzzing in my head, and I need to throw them somewhere or they’ll just fly away. So I thought I’d write a few articles about how our lives are becoming more like the movies and games…

Read more →

Editor’s Note: The following is an article written for and published in DZone’s 2025 Trend Report, Data Engineering: Scaling Intelligence With the Modern Data Stack. Data has evolved from a byproduct of business processes to a vital asset for innovation and…

Read more →

The overall landscape of app development is continuing with a transformative shift that is driven by various latest technologies, including AI or artificial intelligence, edge computing, and blockchain. These innovations are enhancing the efficiency and functionality of the apps, catering…

Read more →

Series Overview This article is Part 2.1 of a multi-part series: “Development of system configuration management.” The complete series: This article has been indexed from DZone Security Zone Read the original article: Development of System Configuration Management: Working With Secrets,…

Read more →

The Internet of Things (IoT) comprises smart devices connected to a network, sending and receiving large amounts of data to and from other devices, which generates a substantial amount of data to be processed and analyzed.   Edge computing, a…

Read more →

Introduction In the new cloud-native era, it is important to be able to scale and manage applications efficiently. Kubernetes, as a leading container orchestration platform, provides strong features for managing storage through Persistent Volume Claims (PVCs). Mapping Kubernetes to traditional…

Read more →

Introduction In modern industrial automation, security is a primary requirement to keep the regular operation of industrial connected devices without disruption. However, the rise of cyber risks also significantly impacts the industry’s sustainable operation. The evolving cyberattacks can affect the…

Read more →

AI is everywhere now, and cybersecurity is no exception. If you’ve noticed your spam filter getting smarter or your bank flagging sketchy transactions faster, there’s a good chance AI is behind it. But the same tech that helps defend data…

Read more →

TLDR: Certificate Authorities (CAs) are the ultimate trust brokers online, issuing the digital certificates that make secure web browsing, e-commerce, and confidential communications possible. This article breaks down what CAs do, the nuances of public and private trust, role of…

Read more →

Managing users efficiently is a key part of automating system administration with Ansible. In this guide, you’ll learn how to create users, set passwords, add users to groups, and configure remote access using Ansible’s powerful tools.  What is the Ansible…

Read more →

Keeping hundreds of endpoints patched and compliant sounds easy on paper until you’re juggling different departments, conflicting maintenance windows, and manual tracking spreadsheets. We knew our approach had to change when a missed update led to a critical zero-day vulnerability…

Read more →

Cloud computing offers unmatched scalability and flexibility, but it also introduces new security challenges. Developers must take proactive steps to secure applications, infrastructure, and sensitive data from cyber threats. In this tutorial, we will explore essential cloud security best practices…

Read more →

Artificial intelligence (AI) is becoming a core component in modern development pipelines. Every industry faces the same critical questions regarding the testing and securing of AI systems, which must account for their complexity, dynamic nature, and newly introduced risks. The…

Read more →

In the age of code dominance, where billions of dollars are controlled by lines of code, a frustrated coder crossed the boundary between protest and cybercrime. What began as a grudge became an organized act of sabotage, one that now…

Read more →

Designing cloud infrastructure for healthcare isn’t just about uptime and cost; it’s about protecting sensitive patient data and satisfying regulatory requirements like HIPAA and HITRUST. When we were tasked with migrating a healthcare client’s legacy workloads into Azure, we knew…

Read more →

Machine learning models don’t succeed in isolation — they rely on robust systems to validate, monitor, and explain their behavior. Top tech companies such as Netflix, Meta, and Airbnb have invested heavily in building scalable experimentation and ML platforms that…

Read more →

You can’t secure what you don’t understand, and right now, most enterprises don’t understand the thing running half their operations. Autonomous AI agents are here. They’re booking appointments, executing trades, handling customer complaints, and doing it all without waiting for…

Read more →

Editor’s Note: The following is an article written for and published in DZone’s 2025 Trend Report, Software Supply Chain Security: Enhancing Trust and Resilience Across the Software Development Lifecycle. Software supply chain security is on the rise as systems advance and…

Read more →

As an architect, security is the first thing that comes to mind when defining an architecture for a customer. One of the key things that you need to keep in mind is minimizing the network traffic routed through the public…

Read more →

Series Overview This article is part 1 of a multi-part series: “Development of system configuration management.” The complete series: This article has been indexed from DZone Security Zone Read the original article: Development of System Configuration Management: Introduction

Read more →

The rise of data mesh architectures redefines how modern organizations have approached the concept of data security. Standard best practices dictate that data should be centralized, allowing it to be collected, stored, and governed within monolithic systems, such as data…

Read more →

APIs have emerged as the cement of the contemporary application. APIs are at the heart of the movement of data, and the interaction of systems, whether in the form of mobile apps and web frontends or microservices and third-party integrations.…

Read more →

This tutorial is all about implementing JWT Policy Enforcement in API Manager using a sample RAML-based project. It’s especially helpful when applying policies through the API Manager in the Anypoint Platform. Along the way, you’ll also learn how to secure…

Read more →

(Note: A list of links for all articles in this series can be found at the conclusion of this article.) In parts 2 and part 3 of this blog series, we introduced the open-source Trestle SDK, which implements the NIST…

Read more →

Most developers don’t start their day thinking, “Is our internal directory secure?” They’ve got builds to run, bugs to squash, maybe a pull request or five to review. But internal directories (like Active Directory or Azure AD) aren’t just a…

Read more →

With the release of the IBM® App Connect Operator version 12.1.0, you can now use your existing Keycloak instance to configure authentication and authorization for App Connect Dashboard and Designer Authoring. Building on top of the capability to use Keycloak,…

Read more →

In 2025, mobile applications are smarter, faster, and increasingly location-aware. From e-commerce personalization to regional compliance, knowing where a user is located adds critical context to the user experience. While GPS provides the most accurate location data, it isn’t always…

Read more →

In this blog, you will learn how to set up the OpenID Connect Authorization Code Flow using Keycloak. You will execute the flow yourself in order to get a better understanding of OIDC. Enjoy! Introduction Adding security to your application…

Read more →

As software continues to eat the world, and AI becomes a force multiplier for attackers, those of us tasked with defending our systems have to be more focused, deliberate, and proactive in our approaches. We have to rise up to…

Read more →

Your organization’s entire infrastructure moved to the cloud last year, but your security team is still thinking like it’s 2015. They’re applying traditional network security controls to cloud environments, creating bottlenecks that slow down your deployments and leave massive security…

Read more →

In the rapidly evolving landscape of cloud automation and multi-cloud strategies, the secure handling of sensitive data, particularly credentials, has emerged as a paramount concern. Traditional methods of storing long-lived credentials, whether in configuration files, CI/CD pipelines, or dedicated secret…

Read more →

GitHub Copilot is not just a new tool anymore. It’s becoming a code productivity accelerator tool. In regulated industries like fintech, where speed must match uncompromising security standards. AI-assisted coding can shift the developer workflow from reactive to proactive.  In…

Read more →

Infrastructure as Code (IaC) was supposed to solve the chaos of cloud operations. It promised visibility, governance, and the ability to scale infrastructure with confidence. But for many teams, the reality is far from ideal.  Instead of clarity and control,…

Read more →

Picture this: you’re a cybersecurity pro up against an invisible enemy. Hidden in your network are zero-day exploits, which represent unknown vulnerabilities that await their moment to strike. The time you spend examining logs becomes pointless because the attack might…

Read more →

Secure Multi-Tenancy Implementation Guide As a developer who has worked extensively with SaaS applications, I’ve learned that implementing secure multi-tenancy is one of the most critical aspects of building scalable software-as-a-service platforms. Through my experience, I’ve compiled this comprehensive checklist…

Read more →

The cross-section of artificial intelligence and data governance has come to a defining moment in 2025, but Databricks is taking the lead here. As AI technologies and enterprise data ecosystems evolve rapidly, and the ecosystems themselves become more complex, traditional…

Read more →

Microservices enable modern application architecture in today’s fast-changing digital world. They break apps into smaller, deployable services, and this accelerates development, improves scalability, and increases flexibility.  Cloud computing’s capabilities for distributed systems and containerized settings make this step vital, contributing…

Read more →

The comfort zone of anonymization is breaking. For years, enterprises have limited their privacy goals to surface-level techniques of anonymization. Techniques such as Mask PII, which obfuscate identifiers and others, are often assumed to ensure compliance without thorough execution. And…

Read more →

Data modernization is a strategic endeavor that transforms the way organizations harness data for value creation. It involves adopting innovative approaches in terms of accessibility, governance, operations, and technology, typically centered around modern cloud architectures. This transformation is not limited…

Read more →

The principle of least privilege is fundamental to securing cloud environments by ensuring that identities have only the permissions necessary to perform their tasks. In AWS Identity and Access Management (IAM), sticking to the principle of least privilege is one…

Read more →

Working with multiple threads is one of the most complex problems we may encounter in our daily work. When put against the wall of multithreading, most people right away reach out for blocking approaches. In Java, it takes the form…

Read more →

Editor’s Note: The following is an article written for and published in DZone’s 2025 Trend Report, Software Supply Chain Security: Enhancing Trust and Resilience Across the Software Development Lifecycle. High-profile software supply chain attacks like SolarWinds, Log4j, and MOVEit highlight the…

Read more →

Are you looking for a way to expose your containerized applications to the internet without breaking compliance with IBM Cloud for Financial Services? This guide walks through how to do just that. It shows how to securely expose your apps…

Read more →

Picture this: you’re a cybersecurity pro up against an invisible enemy. Hidden in your network are zero-day exploits, which represent unknown vulnerabilities that await their moment to strike. The time you spend examining logs becomes pointless because the attack might…

Read more →

In multi-tenant systems—whether you’re managing an API gateway, identity platform, or SaaS product—access control is essential. Two of the most widely used tools for managing that access are allowlists and denylists. These mechanisms define who or what is permitted or rejected,…

Read more →

Editor’s Note: The following is an article written for and published in DZone’s 2025 Trend Report, Software Supply Chain Security: Enhancing Trust and Resilience Across the Software Development Lifecycle. The software supply chain has rapidly evolved into a critical vulnerability point…

Read more →

API management has emerged as a critical and strategic factor in staying ahead of the market leaders. However, digital transformation has significant disadvantages, such as opening the door to hackers.  Hackers have been quick to take advantage of a serious…

Read more →

Applications related to the web enable business, e-commerce, and user interactions to be the backbones of the e-world of a more and more digital world. In this growth, there is one thing that has gone up, and that is web…

Read more →

Editor’s Note: The following is an article written for and published in DZone’s 2025 Trend Report, Software Supply Chain Security: Enhancing Trust and Resilience Across the Software Development Lifecycle. In today’s software landscape, the supply chain has grown from a controlled…

Read more →

Web development in 2025 has evolved at an incredible pace. We’ve gone from clunky monoliths to sleek, scalable apps powered by frameworks like Next.js, which millions of developers now rely on for building modern, server-rendered React applications. But as our…

Read more →

(Note: A list of links for all articles in this series can be found at the conclusion of this article.) In the last two blog posts of this multi-part series on continuous compliance, we presented Compliance Policy Administration Centers (CPAC)…

Read more →

Editor’s Note: The following is an article written for and published in DZone’s 2025 Trend Report, Software Supply Chain Security: Enhancing Trust and Resilience Across the Software Development Lifecycle. The goal of DevOps and DevSecOps — and whatever future contractions come…

Read more →

Modern CI/CD pipelines are essential for rapid and reliable software delivery. But as pipelines automate more stages of the development lifecycle—from code validation to production deployment—they have also become a major target for exploitation. Traditional pipelines often operate on broad…

Read more →

SSL/TLS certificates are foundational to secure communications on the internet. However, Windows environments present unique challenges that go beyond basic certificate installation and troubleshooting.  If you’re already familiar with SSL fundamentals, you’ll want to know how to handle complex certificate…

Read more →

Look, I’ve been in cybersecurity for over a decade, and I’m tired of seeing the same preventable disasters over and over again. Cloud security breaches aren’t happening because of some sophisticated nation-state actor using a zero-day exploit. They’re happening because…

Read more →

Cloud platforms have become prime targets for ransomware and malware attacks, which can paralyze businesses by encrypting data or exfiltrating sensitive information. Traditional security tools such as signature-based antivirus and rule-based systems often struggle to detect advanced threats that mutate…

Read more →

Speed kills. In software development, that axiom has never been more literal. DevOps pipelines surge through modern enterprises like digital bloodstreams — pumping code, configurations, and deployments at breakneck velocity. Continuous integration and continuous delivery are the promises of rapid…

Read more →

It’s no secret that technology is evolving much faster than our traditional Identity and Access Management systems can handle. These legacy systems were designed for simpler times, when everything was hosted locally and security was perimeter-based. So, in an era…

Read more →

Emerging technologies like homomorphic encryption and zero-knowledge proofs can definitely help organizations approach zero-trace personal data anonymization. These and similar techniques can bring datasets to a near-zero-trace status, even achieving it in limited cases. There’s a major force that’s acting…

Read more →

Visual tracking systems are essential for applications ranging from surveillance to autonomous navigation. However, these systems have a significant Achilles’ heel: they rely heavily on large, labeled datasets for training. This reliance makes it challenging to deploy them in real-world…

Read more →

The world of AI, especially with Large Language Models (LLMs) and Generative AI, is changing the game. It’s like we’ve unlocked a superpower for creating content, automating tasks, and solving tricky problems. But, as with any new superpower, there are…

Read more →

Microservice is the false belief that adding a message broker to your app will somehow magically make it faster and more scalable. Ignoring the fact that this is, in itself, an oxymoron—and that your app quite literally becomes two billion…

Read more →

Recently, I explored how the Model Context Protocol (MCP) is gaining traction in the Java ecosystem, with frameworks like Spring AI, Quarkus, and LangChain4j starting to adopt it for integrating language models via standardized interfaces. It was also time to…

Read more →

CRITICAL_PROCESS_DIED is a notorious Windows error that triggers the dreaded Blue Screen of Death (BSOD), often leaving users frustrated and unsure of how to proceed. This error typically indicates that a critical system process has unexpectedly terminated, causing Windows to…

Read more →

Software projects can have disastrous breaches resulting from security flaws that expose private information and compromise user confidence. Preventive security measures become critical as applications get more sophisticated. One of the best ways to find and reduce possible hazards before…

Read more →

Abstract: Healthcare systems around the world are at a critical juncture, navigating the pressures of digital transformation, rising cybersecurity threats, and fragmented data landscapes. While the volume of healthcare data grows exponentially, the capacity to manage it securely and effectively…

Read more →

Large language models are fast-developing and transforming the way we use technology. The rise of generative AI tools like ChatGPT and Gemini in 2022 has led to common business exploration and employee adoption, frequently including unapproved use of tools such…

Read more →

Are we getting too aggressive with speed and efficiency in automation, losing the battle to security? If security isn’t prioritized, automation can accelerate risks as quickly as it accelerates processes, leading to severe consequences. A study conducted on the IBM…

Read more →

As the degree of account takeovers and unauthorized access attempts continues to be more and more sophisticated, the time to notify users about security-critical situations has become a vital issue. The moment when a system becomes aware of irregular behavior…

Read more →

Cybersecurity doesn’t fail because someone forgot to patch a server. It fails because no one asked the right questions early enough, and because the wrong people were trusted to find the answers. Most companies start building a cybersecurity team only…

Read more →

A security architect’s role extends far beyond designing secure systems. It demands a continuous, vigilant approach to assessing the effectiveness of implemented controls against evolving threats. With the proliferation of cloud-native architectures, microservices, and distributed environments, a mere checklist approach…

Read more →

In software development, efficiency and security are key, especially for applications that require multi-factor authentication (MFA). MFA enhances security but complicates automated testing, particularly for key business processes like logins or transaction validations.  Altering testing environments to handle MFA differently…

Read more →

When building web applications, handling authentication securely and reliably is critical. That’s where OpenID Connect (OIDC) comes in. OIDC is a thin identity layer built on top of OAuth 2.0, and it gives your app the ability to verify who…

Read more →

Kubernetes Admission Controllers are a powerful but often overlooked security mechanism. Acting as gatekeepers, they intercept API server requests before objects are persisted in etcd, allowing you to enforce custom policies or inject configurations automatically. Whether it’s blocking privileged containers…

Read more →

Data-driven policy refers to the practice of using data, analytics, and empirical evidence to inform and guide government decision-making, moving beyond reliance on intuition or anecdotal information. Governments must be agile, transparent, and resilient in their decision-making. The convergence of…

Read more →

Digital twins and IIoTs are evolving technologies that are transforming the digital landscape of supply chain transformation. The IIoT aims to connect to actual physical sensors and actuators. On the other hand, DTs are replica copies that virtually represent the…

Read more →

Cybersecurity is more critical than ever as technology becomes more integrated into our daily lives and business operations. Cyber threats change quickly, so software developers need to make sure that apps, data, and users are safe by putting strong security…

Read more →

Kubernetes has become the de facto standard for orchestrating containerized applications. As organizations increasingly embrace cloud-native architectures, ensuring observability, security, policy enforcement, progressive delivery, and autoscaling is like ensuring your spaceship has enough fuel, oxygen, and a backup plan before…

Read more →

With an ever connected and globalized world, it is not surprising that cybersecurity attacks are on the rise. The repercussions of persistent cybersecurity attacks touch all types of organizations regardless of scale, from huge international companies to small local non-profits…

Read more →

When you became a developer, you didn’t imagine you’d be spending a big chunk of your time parsing vulnerability reports, getting stuck in security review cycles, or rerunning CI jobs because the pipeline flagged a dozen “critical issues,” half of…

Read more →

Serverless computing, app development, and deployment have been completely revolutionized by its unparalleled scalability and cost efficiency. Infrastructure management abstraction, which is provided by serverless platforms like AWS Lambda, Google Cloud Functions, and Azure Functions, allows developers to concentrate on…

Read more →