Tag: DZone Security Zone

Integrating AI Agent Workflows in the SOC

Defending against zero- to low-cost attacks generated by threat actors (TA) is becoming increasingly complex as they leverage sophisticated generative AI-enabled infrastructure. TAs try to use AI tools in their attack planning to make social engineering schemes, convincing phishing emails,…

Controlling Access to Google BigQuery Data

Google BigQuery, Google Cloud’s data warehouse, provides a comprehensive suite of tools to help you control who can access your valuable data and what they can do with it. This blog post dives into the essential principles and practical techniques…

Kata Containers: From Kubernetes Pods to Secure VMs

Introduction to Kata Containers: Kata Containers is an open-source project designed to deliver a secure container runtime environment by utilizing the virtualization layer provided by the server instance. Unlike traditional containers, Kata Containers run within lightweight virtual machines (VMs) created…

Data Privacy and Governance in Real-Time Data Streaming

Real-time data streaming is changing the way organizations handle information. Whether it’s IoT devices sending sensor updates, retail platforms tracking customer activity, or financial institutions monitoring transactions for fraud, processing data “as it happens” gives you a major edge. When…

Enhancing Security in JavaScript

Every programming language comes with its own set of security vulnerabilities, and JavaScript is no exception. Exploiting JavaScript vulnerabilities can lead to data manipulation, session hijacking, unauthorized data access, and more. Although commonly associated with client-side functionality, JavaScript security risks…

Cloud Security Is a Data Problem

More businesses than ever rely on cloud computing technologies to deliver reliable services at scale. With this shift to cloud-native technologies, microservices, and abstraction, the battle for security has shifted with it. Cloud security is no longer about traditional firewall…

Top 5 GRC Certifications for Cybersecurity Professionals

Governance, Risk, and Compliance (GRC) certifications have become crucial for professionals keen on securing cybersecurity and risk management roles. These certifications validate one’s skills and expertise, opening the door to new career opportunities in a dynamically changing environment. With the…

Securing Kubernetes in Production With Wiz

Today’s cloud environments use Kubernetes to orchestrate their containers. The Kubernetes system minimizes operational burdens associated with provisioning and scaling, yet it brings forth advanced security difficulties because of its complex nature. The adoption of Kubernetes by businesses leads organizations…

Security Controls in the Android Operating System (OS)

As part of the Android Application Security series, we are going to understand the security controls provided by Android OS (operating system) to protect the applications that are running on the device. Without these security controls in place, the data…

Community Over Code Keynotes Stress Open Source’s Vital Role

At the ASF’s flagship Community Over Code North America conference in October 2024, keynote speakers underscored the vital role of open-source communities in driving innovation, enhancing security, and adapting to new challenges. By highlighting the Cybersecurity and Infrastructure Security Agency’s…

AI Regulation in the U.S.: Navigating Post-EO 14110

As the Trump administration revokes Executive Order 14110, the U.S. shifts toward a market-driven AI strategy, departing from the Biden administration’s regulatory framework. While proponents see this as a catalyst for innovation and economic growth, critics warn of increased risks,…

Keycloak and Docker Integration: A Step-by-Step Tutorial

Keycloak is a powerful authentication and authorization solution that provides plenty of useful features, such as roles and subgroups, an advanced password policy, and single sign-on. It’s also very easy to integrate with other solutions. We’ve already shown you how…

Data Governance Essentials: Policies and Procedures (Part 6)

What Is Data Governance, and How Do Data Quality, Policies, and Procedures Strengthen It? Data governance refers to the overall management of data availability, usability, integrity, and security in an organization. It encompasses people, processes, policies, standards, and roles that ensure…

Processing Cloud Data With DuckDB And AWS S3

DuckDB is a powerful in-memory database that has a parallel processing feature, which makes it a good choice to read/transform cloud storage data, in this case, AWS S3. I’ve had a lot of success using it and I will walk…

SOC 2 Made Simple: Your Guide to Certification

No matter where your company is located and in which field it operates, one thing is always true: today, SOC 2 is one of the standards tech companies should meet to be recognized for their security practices. If you’re tackling…

MuleSoft OAuth 2.0 Provider: Password Grant Type

OAuth 2.0 is a widely used authorization framework that allows third-party applications to access user resources on a resource server without sharing the user’s credentials. The Password Grant type, also known as Resource Owner Password Credentials Grant, is a specific…

Understanding the Two Schools of Unit Testing

Unit testing is an essential part of software development. Unit tests help to check the correctness of newly written logic as well as prevent a system from regression by testing old logic every time (preferably with every build). However, there…