Tag: DZone Security Zone

The Southwest Airlines fiasco from December 2022 and the FAA Notam database fiasco from January 2023 had one thing in common: their respective root causes were mired in technical debt. At its most basic, technical debt represents some kind of…

Read more →

The blockchain space has gained considerable momentum over the past few years. Cryptocurrency remains this technology’s most widely recognized use case, but new applications and benefits emerge as it grows. For example, supply chain optimization is one less glamorous but…

Read more →

In the world of computing, security plays a crucial role in safeguarding resources. Over the past decade, various security models have been created to ensure the confidentiality, integrity, and availability of information. They present methods that organizations can adopt to…

Read more →

Application modernization has become a hot topic in recent years as organizations strive to improve their systems and stay ahead of the competition. From improved user experience to reduced costs and increased efficiency, there are many reasons companies consider modernizing…

Read more →

Quick Introduction to the Software Supply Chain Recently, “software supply chain attack” has been breaking all the news headlines. One infamous example is the SolarWinds attack or the 2020 United States federal government data breach. In fact, according to a…

Read more →

The RSA algorithm is a commonly used method for secure data transmission in the field of cryptography. It is a type of public-key encryption, which means that it uses two different keys for the encryption and decryption process: a public…

Read more →

Lots of companies are eager to provide their identity provider: Twitter, Facebook, Google, etc. For smaller businesses, not having to manage identities is a benefit. However, we want to avoid being locked into one provider. In this post, I want…

Read more →

Whether you’re at a startup, enterprise, or something in between, authorization and access control are likely major pain points for your team. This week on Dev Interrupted, we talk to Omri Gazitt, co-founder and CEO of Aserto. Omri joins us…

Read more →

AWS multi-account strategy is a powerful method of managing multiple AWS accounts within an organization. It is designed to help organizations scale and manage their cloud infrastructure more effectively while maintaining security and compliance. In this article, we will explore…

Read more →

Learning Adaptability A few weeks ago, my laptop crashed during a meeting. It was painful as I was about to start on an exciting new feature that my Product Owner (PO) had just proposed. I immediately rushed to the IT…

Read more →

In this article, we are going to discuss dependency injection and its usage and benefits. We will also discuss different ways to implement dependency injection. Prerequisites Basic understanding of the C# programming language. Understanding of Object-Oriented programming. Basic understanding of…

Read more →

One of the biggest concerns when using Kubernetes is whether we are complying with the security posture and taking into account all possible threats. For this reason, OWASP has created the OWASP Kubernetes Top 10, which helps identify the most…

Read more →

An API (Application Programming Interface) acts as an intermediary between two distinct software applications, enabling seamless communication and data exchange. By providing a standardized interface, APIs offer developers the ability to access specific functionalities or data from another software application…

Read more →

Organizations worldwide store 60% of their data in the cloud. The popularity of cloud computing will be undisputed in 2023 and is predicted to grow in future years. The main benefits of using cloud storage and computing services to run…

Read more →

What Is Product Security? Product Security is a process within the Cybersecurity function which aims to deliver a secure product, which includes the organization’s Web applications, Web services, Mobile applications, or any hardware manufactured. This focuses on considering security at…

Read more →

If you have ever encountered the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error, you may have been puzzled by what it means and how to fix it. In this post, we will explain what causes this error and provide some tips on how to resolve…

Read more →

In any organization, it is a best security practice to have an SSL certificate installed on servers, applications, and databases. To get an SSL certificate, the first step is to have or build a Certificate Authority (CA). SSL Certificates and…

Read more →

As the use of artificial intelligence (AI) grows more widespread, it is finding its way into cybersecurity. According to research from Markets and Markets, global organizations are projected to spend $22.4 billion on AI solutions for cybersecurity this year. Usama…

Read more →

There is a common problem most backend developers face at least once in their careers: where should we store our secrets? It appears to be simple enough, we have a lot of services focusing on this very issue, we just…

Read more →

Last week, I wrote about putting the right feature at the right place. I used rate limiting as an example, moving it from a library inside the application to the API Gateway. Today, I’ll use another example: authentication and authorization.…

Read more →

Since the first introduction of the term DevOps, it seems that new ‘Ops” related terms pop up as quickly as technology trends. For example: AIOPs: Enhance and automate various IT processes with AI. MLOps: Develop, deploy, and manage machine learning.…

Read more →

On Randomness in Data Picking a random number might seem to be a no-brainer for us humans. We just close our eyes and say the first number that comes to our minds. But is this really the case for computers?…

Read more →

Making the test readable and maintainable is a challenge for any software engineer. Sometimes, a test scope becomes even more significant when we need to create a complex object or receive information from other points, such as a database, web…

Read more →

IAM stands for “Identity and Access Management.” IAM provides answers to the fundamental question in DevOps: “Who can access what?” The roots of IAM go back to the early days of computing, where users of UNIX systems needed a username…

Read more →

We live in a world where applications are used to do everything, be it stock trading or booking a salon, but behind the scenes, the connectivity is done using secrets. Secrets, such as database passwords, API keys, tokens, etc., must…

Read more →

Testing is a best-case scenario to validate the system’s correctness. But, it doesn’t predict the failure cases that may occur in production. Experienced engineering teams would tell you that production environments are not uniform and full of exciting deviations. The…

Read more →

The 2023 conference season officially kicked off on February 1st in Seattle. Over 1000 attendees, speakers, and security tool vendors gathered in Seattle for CloudNativeSecurityCon, the first stand-alone, in-person event of its kind. Over the course of 2 days and over…

Read more →

APIs (Application Programming Interfaces) are used to connect software applications, allowing them to share data and functionality. APIs are an essential part of modern software development, enabling developers to create more powerful and complex applications. However, APIs can also pose…

Read more →

A few days ago, I read an article by the author of Core-js. To be honest, it was my first time hearing about Core-js. As someone who has written some front-end code and has been keeping up with open source…

Read more →

Telecoms fraud is a prevalent and ever-evolving issue that affects both business and individual customers in the telecommunications industry. It encompasses a range of fraudulent and abusive activities that can cause significant financial damage to companies and individuals alike. Ranging…

Read more →

I recently gave a talk at CNCF Security Conference North America on the subject of zero-trust computing. In this post, I’ll provide an overview of the material from that talk, discussing how zero-trust computing is supported at the module, runtime,…

Read more →

Most apps have some sort of authentication. For this post, we will see how this flow works using Google’s One Tap sign-in, Firebase, and Amity. The tech stack we will be using is: This article has been indexed from DZone…

Read more →

Where It Started: History of Angular and React Angular  AngularJS was developed by Google (by Igor Minar, a former Google employee) as an open-source framework for developing Single Page Applications (SPA).  Other companies such as Netflix, Microsoft, PayPal, and more…

Read more →

Artificial intelligence (AI) is transforming the way we live and work in many ways, and cybersecurity is no exception. As AI becomes more and more advanced and accessible, it is changing the way we protect our systems and data against Cyber…

Read more →

Data masking, as we know, obscures sensitive information by replacing it with realistic but fake values, making it suitable for use in testing, demonstrations, or analytics.  It preserves the structure of the original data while altering its values through sophisticated…

Read more →

There is a common problem most backend developers face at least once in their careers: where should we store our secrets? It appears to be simple enough, we have a lot of services focusing on this very issue, we just…

Read more →

What Is Distributed Tracing? The rise of microservices has enabled users to create distributed applications that consist of modular services rather than a single functional unit. This modularity makes testing and deployment easier while preventing a single point of failure…

Read more →

Vendor security assessments can be very complex, especially when it comes to analyzing modern solutions. Obsolete threat modeling principles and frameworks become extremely unreliable and tricky as complexity increases. Security analysis also becomes further intricate as it is not limited…

Read more →

Transitioning to a managerial role could be hard. One day, you are developing and reviewing code. The next day, you are handling not just individuals but a multitude of teams, evolving into a people person and leading your squad toward…

Read more →

Security in software development is a critical issue that is often addressed late in the software development process (SDLC). However, with the increasing demand for secure applications and systems, integrating security into all stages of the SDLC has become essential.…

Read more →

API-First is an approach to software development that emphasizes designing and developing the API as the primary focus of development. This approach offers many benefits, including increased flexibility, reduced development time, increased reliability, and easier testing. By developing the API…

Read more →

Microsoft offers an Azure Key Vault, which is responsible for storing and managing secrets, keys, and certificates. All of them are present in a Hardware Security Module (HSM) that adheres to the standards of the industry. This suggests that “EV Code…

Read more →

Kubernetes is an open-source container orchestration platform that helps manage and deploy applications in a cloud environment. It is used to automate the deployment, scaling, and management of containerized applications. It is an efficient way to manage application health with…

Read more →

With the modern patterns and practices of DevOps and DevSecOps, it’s not clear who the front-line owners are anymore. Today, most organizations’ internal audit processes have lots of toils and low efficacy. This is something John Willis, in his new…

Read more →

This article will describe how to set up an SSL in a Spring Boot application. Almost all articles recommend you create a Keystore file using the Java key tool, and it still could make sense, but something new came up.  This…

Read more →

In a microservices architecture, it’s common to have multiple services that need access to sensitive information, such as API keys, passwords, or certificates. Storing this sensitive information in code or configuration files is not secure because it’s easy for attackers…

Read more →

Static code analysis is a method of debugging that involves reviewing source code prior to running a program. It is accomplished by comparing a set of code against one set or several sets of coding rules. Static code analysis is…

Read more →

I attended Dynatrace Perform 2023. This was my sixth “Perform User Conference,” but the first over the last three years. Rick McConnell, CEO of Dynatrace, kicked off the event by sharing his thoughts on the company’s momentum and vision. The…

Read more →

HTTP 1 vs. HTTP 1.1 vs. HTTP 2: Key Differences Between the Three HTTP Versions Comparisons are common, and it is nothing different in the cybersecurity world. One such technology is hypertext transfer protocol (HTTP). This is why there is…

Read more →

Introduction As we move/migrate applications from on-prem to the cloud, some of the key architecture decisions regarding hybrid integration are with reference to FileShare between the cloud and on-prem systems/users. When a part of the ecosystem goes to the cloud,…

Read more →

There are multiple ways you can deploy your Nodejs app, be it On-Cloud or On-Premises. However, it is not just about deploying your application, but deploying it correctly. Security is also an important aspect that must not be ignored, and…

Read more →

Passwordless authentication is becoming an increasingly popular choice for developers. Even notable names like Slack, Notion, and PayPal are all transitioning to SMS, email, or social logins for their authentication. A driving factor for its increasing adoption is that it’s…

Read more →

What Is Amazon SQS? Amazon SQS (Simple Queue Service) is a message queue service that enables application components to communicate with each other by exchanging messages. This is widely used to build event-driven systems or decouple services on AWS. Features…

Read more →

Innovative technologies are rapidly evolving, and blockchain is one such out-of-the-box invention. It helps users to transact securely and safely. Hence, the demand for blockchain application development is increasing. And this is when the app development frameworks come into play.…

Read more →

Because of the increasing number of cyberattacks, security has become an integral element of SDLC (Software Development Lifecycle). Secure software development is a requirement to protect software from cybercriminals and hackers, minimize any vulnerabilities, and maintain users’ privacy. In this…

Read more →

Currently, and for quite a while now, most developments are done under the umbrella of a framework. If we focus on the front end and JavaScript, we can find dozens of frameworks. It is challenging to reuse graphical interface elements…

Read more →

In the past few years, there has been a growing number of organizations and developers joining the Docker journey. Containerization simplifies the software development process because it eliminates dealing with dependencies and working with specific hardware. Nonetheless, the biggest advantage…

Read more →

Summary It is of utmost importance for enterprises to protect their IT workloads, running either on AWS or other clouds, against a broad range of malware (including computer viruses, worms, spyware, botnet software, ransomware, etc.  AWS GuardDuty Malware Protection service…

Read more →

Most engineers don’t want to spend more time than necessary to keep their clusters highly available, secure, and cost-efficient. How do you make sure your Google Kubernetes engine cluster is ready for the storms ahead?  Here are fourteen optimization tactics…

Read more →

Introduction Mobile app development is an evolving field, with new trends and technologies emerging every year. In other words, it’s rapidly changing and evolving and taking a key role. In recent years, there has been a significant increase in the…

Read more →

An IoT (Internet of Things) gateway is a device that acts as a bridge between connected IoT devices and other networks, such as the Internet. It provides a centralized platform for managing and processing data from multiple IoT devices and…

Read more →

In my previous articles, we discussed what Policy-as-Code is, why we need it, and how to use the Open Policy Agent (OPA) tool. If you haven’t read the introduction yet, please take some time to read it first here.  Following…

Read more →

As Kubernetes has become the de-facto platform to orchestrate containerized workloads, more users have begun to look for ways to control and secure their Kubernetes clusters. Hardening is a thing for sure, but what about enforcing policies inside a cluster?…

Read more →

Testing your digital platforms as part of a digital experience program is a vital element of ensuring that your customers have a seamless and user-friendly experience as they interact with your digital platforms. Of course, as with any other aspect…

Read more →

Cyberattacks targeting resource credentials such as session tokens are on the rise.  Recent high-profile cases such as the source code leaks of Slack’s GitHub repositories in January 2023, CircleCI in January 2023, and before that, GitHub accounts in April 2022…

Read more →

Are you utilizing Docker to deploy your applications? If so, you’re not alone. The use of Docker has skyrocketed in popularity in recent years. While it offers numerous benefits, it also introduces new security risks that need to be addressed.…

Read more →

I’ve been a Java developer long enough to remember the excitement when Sun introduced the concept of serialization in the JVM. In the world of C, we could just write a struct into a file, but this was always problematic.…

Read more →

AI is catapulting every sector into innovation and efficiency as machine learning provides invaluable insights humans never previously conceived. However, because AI adoption is widespread, threat actors see opportunities to manipulate data sets to their advantage. Data poisoning is a…

Read more →

I had the opportunity to catch up with Andi Grabner, DevOps Activist at Dynatrace, during day two of Dynatrace Perform. I’ve known Andi for seven years, and he’s one of the people that has helped me understand DevOps since I…

Read more →

In the first part of this article, we have seen how to set up a simple scenario with a Spring Cloud Config server and the client counterpart. The server was set with a native profile, and the configuration was stored in…

Read more →

Data governance is one of the most important undertakings for businesses today. Regulations like the GDPR and CCPA require organizations to have thorough insight and control over their data, and the costs of poor-quality information keep climbing. An effective governance…

Read more →

Cloud automation refers to the process of using technology to automate the deployment, management, and scaling of applications and infrastructure in a cloud computing environment. This can include tasks such as provisioning and configuring virtual machines, managing storage and networking…

Read more →

If you are living in the same world as I am, you must have heard the latest coding buzzer termed “microservices”—a lifeline for developers and enterprise-scale businesses. Over the last few years, microservice architecture emerged to be on top of…

Read more →

When it comes to infrastructure provisioning, including the AWS EKS cluster, Terraform is the first tool that comes to mind. Learning Terraform is much easier than setting up the infrastructure manually. That said, would you rather use the traditional approach…

Read more →

The second day of Dynatrace Perform kicked off with a great discussion between Kelsey Hightower, distinguished developer advocate at Google Cloud Platform, and Andi Grabner, DevOps evangelist at Dynatrace. The theme of their discussion was redefining the boundaries of people, processes, and…

Read more →

Introduction Microsoft 365 is a popular productivity suite used by organizations of all sizes. While it offers a wealth of features and benefits, it also poses security challenges, especially in terms of protecting user data. With cyber threats on the…

Read more →

What is the Industrial Internet of Things (IIoT)? IIoT refers to using interconnected devices, sensors, and machines in industrial settings. These devices can monitor and analyze data from various systems, giving businesses real-time insights into their operations. For example, a…

Read more →

Web hosting is a service that allows individuals and organizations to make their websites accessible on the internet. When you create a website, you need a place to store all of your website’s files, such as HTML, CSS, and images.…

Read more →

If you use Windows, you will want to monitor Windows Events. A recent contribution of a distribution of the OpenTelemetry (OTel) Collector makes it much easier to monitor Windows Events with OpenTel. You can utilize this receiver either in conjunction…

Read more →

Though the Internet of Things (IoT) has redefined our lives and brought a lot of benefits, it has a large attack surface area and is not safe until it is secure. IoT devices are an easy target for cybercriminals and…

Read more →

In many software organizations, terms like authentication, SSO, and SAML are heard pretty often. Admittedly, many people will run away when hearing these terms, trying to avoid doing any authentication-related work.  In this article, we will go over SSO fundamentals…

Read more →

The gaming industry has seen tremendous growth in recent years, with millions of players engaging in online games daily. As the industry grows, so does the need for secure game development practices. Cyberattacks are becoming more sophisticated and frequent, making…

Read more →

Security is one of the key challenges in Kubernetes because of its configuration complexity and vulnerability. Managed container services like Google Kubernetes Engine (GKE) provide many protection features but don’t take all related responsibilities off your plate. Read on to…

Read more →

Backup and disaster recovery are two critical components of a comprehensive data management strategy for businesses of all sizes. However, while both terms are often used interchangeably, they refer to two distinct processes. This article will examine the key differences…

Read more →

If you want to become a smart contract developer on Ethereum, then you need to learn Solidity. Whether your goal is DeFi, blockchain gaming, digital collectibles (NFTs), or just web3 in general, Solidity is the foundational language behind the innovative…

Read more →

With the cyber threat landscape growing constantly and cyberattacks becoming more sophisticated, it is imperative for any organization to be well-prepared with a clear and actionable cyber defense strategy. As noted by   Chuck Robbins, Chairman, and CEO at Cisco,…

Read more →

Background Information The story starts back in 2007 when our founders, Omri Gazitt and Gert Drapers, were working on what would eventually become Azure Active Directory. At that time, Active Directory was a keystone workload for Windows Server. It enabled…

Read more →

Can you prevent a cloud outage from negatively impacting your business? It isn’t always possible to anticipate cloud outages, but there are steps you can take to minimize their impact on your team. How can you get started preparing for…

Read more →

Both GraphQL and Protocol Buffers (Protobuf) are types of formats for transferring data between client and server. Each has its own set of advantages and disadvantages, and are used in different contexts, depending on the specific requirements of an application.…

Read more →

Over the past years, the adoption of Agile and DevOps grew, and together with it, we have also observed the rise of DevSecOps. Such practice recommends shifting left security testing and remediation of security vulnerabilities as early as possible within the…

Read more →

DNSSEC, short for Domain Name System Security Extensions, is a set of protocols that aim to secure the domain name system (DNS) against various security threats such as spoofing, cache poisoning, and eavesdropping. DNSSEC is designed to protect the authenticity…

Read more →

Connectivity is so daunting. By far, we are all used to instant connectivity that puts the world at our fingertips. We can purchase, post, and pick anything, anywhere, with the aid of desktops and devices. But how does it happen?…

Read more →

What in the World Is Technology? Technology is anything that makes tasks easier. It could be something as simple as a thimble to something as complex as AI. Technology, overall, has made life easier, more convenient, and more efficient. We’ll…

Read more →

The gaming industry has seen tremendous growth in recent years, with millions of players engaging in online games daily. As the industry grows, so does the need for secure game development practices. Cyberattacks are becoming more sophisticated and frequent, making…

Read more →

In many software organizations, terms like authentication, SSO, and SAML are heard pretty often. Admittedly, many people will run away when hearing these terms, trying to avoid doing any authentication-related work.  In this article, we will go over SSO fundamentals…

Read more →

Safari is the default browser on iPads, Macbooks, and iPhones. It lies second on browser preferences, right after Chrome. Its 250+ features offer users striking benefits that set it apart from other most popular browsers like Chrome and Firefox. Building on that,…

Read more →

Digital transformation requires agility and fast time to market as critical factors for success in any enterprise. The decentralization with a data mesh separates applications and business units into independent domains. Data sharing in real-time with data streaming helps provide…

Read more →

Data engineers are increasingly in high demand, especially as more company leaders realize it’s necessary to use reliable information for better decision-making. However, even the most skilled and experienced professionals can make mistakes. Here are some of them and how…

Read more →

One of the most popular method of authentication remains the password. In a previous article, we discussed the proper implementation of password authentication. However, relying solely on a password as the means of authentication is no longer sufficient, especially for…

Read more →

Machine learning is one of the most disruptive technologies across industries today. Despite this versatility and potential, many organizations struggle to capitalize on this technology’s full potential, especially in sectors like manufacturing that lack widespread ML skills and knowledge. High…

Read more →