Tag: DZone Security Zone

Eliminating API Authentication and Access Control Security Gaps

Read the original article: Eliminating API Authentication and Access Control Security Gaps Traditional applications (almost) always have strong authentication and access controls in place to help safeguard data. APIs – which help transmit or provide access to sensitive information –…

Configuring SSL/TLS Connection Made Easy

Read the original article: Configuring SSL/TLS Connection Made Easy Setting up encryption for your application, how hard can it be? I thought it would be easy, after all, all communication with modern web applications should be encrypted, right? Well, my…

Using Machine Learning for Static Analysis

Read the original article: Using Machine Learning for Static Analysis In some ways, machine learning and AI systems are becoming a victim of their own success. While they are genuinely useful in many fields, particularly when it comes to marketing…

API Security Weekly: Issue #114

Read the original article: API Security Weekly: Issue #114 This week, we check out the API aspects of the recent SolarWinds and PickPoint breaches. Also, we have a review on how to shift API security left with GitHub and 42Crunch…

The Growing Importance of Endpoint Security

Read the original article: The Growing Importance of Endpoint Security What to make of this world driven by technology? Is it a benefit or a problem for society? The truth is, it’s both. While technology is the backbone of greater…

Top 9 Web Security Tools to Secure Your App/System

Read the original article: Top 9 Web Security Tools to Secure Your App/System Security testing is used to identify the unapproved users within some information system and make the data secure. A conscientious and well carried out security testing can…

Securing a K3s Cluster

Read the original article: Securing a K3s Cluster Container security is the process of implementing security tools and policies to protect the container, its application, and performance, including infrastructure, software supply chain, system tools, system libraries, and runtime against security threats.…

5 Uses of Automation in Cybersecurity

Read the original article: 5 Uses of Automation in Cybersecurity Cybersecurity has turned out to be the greatest challenge for businesses in recent years. Just a year ago, data breaches exposed 4.1 billion records. As per the Cost of Data…

Ruby Security Pitfalls and How to Avoid Them

Read the original article: Ruby Security Pitfalls and How to Avoid Them Ruby is a very versatile language. It combines the simplicity of an elegant syntax with powerful features such as support (and encouragement) for monkey patching. Thanks to the…

API Security Weekly: Issue #113

Read the original article: API Security Weekly: Issue #113 This week, we take a look at the recent API vulnerabilities reported at YouTube and 1Password, a detailed OpenID Connect (OIDC) security research, and how Assetnote Wordlists can be used in…

API Security Weekly: Issue #112

Read the original article: API Security Weekly: Issue #112 This week, we have the recently reported API vulnerability in Duffel’s Paginator, a new API fuzzer from Microsoft Research, an upcoming JWT security webinar, and a recorded talk on approaches to…

10 Cyber Security Tools to Watch Out for in 2021

Read the original article: 10 Cyber Security Tools to Watch Out for in 2021 With an immense number of companies and entities climbing onto the digital bandwagon, cybersecurity considerations have come up as limelight. Besides, new technologies such as Big…

An Overview of Security Testing Tools in DevOps

Read the original article: An Overview of Security Testing Tools in DevOps Strategically, security testing tools blend into a DevOps workflow, essentially forming a DevSecOps model while improving production efficiency and minimizing software development costs. Such tools allow you to…

API Security Weekly: Issue #111

Read the original article: API Security Weekly: Issue #111 This week, we take a look at the recent API security issues with Resource-Based Policy APIs at Amazon Web Services (AWS), Backup Gateway APIs at Tesla, and in Twitter Fleets. In…

Introduction To OAuth Framework

Read the original article: Introduction To OAuth Framework You must have heard the word OAuth if you are from a development background. It is because of its popularity; in the past few years technology has evolved a lot and so…

Azure Resource Owner Password Credentials Flow

Read the original article: Azure Resource Owner Password Credentials Flow Introduction Azure provides ROPC (Resource Owner Password Credentials) flow where the Application exchanges user credentials for accessToken and refresh token. There are a few important points to consider when planning…

What Are Different Strategies for Security Testing?

Read the original article: What Are Different Strategies for Security Testing? In this modern interconnected world, the software application is considered the “front door” for several people worldwide through which to enter into your business. This assists enterprises to reach…

Database Authentication + Spring Security SAML

Read the original article: Database Authentication + Spring Security SAML If you are going to be developing web applications in Java, there is no doubt you are familiar with Spring Boot, a veritable toolbox for developing web applications. The most…

API Security Weekly: Issue #110

Read the original article: API Security Weekly: Issue #110 This week, we check out API vulnerabilities in the dating app Bumble and COVID-KAYA, an app for frontline healthcare workers in the Philippines. There’s also a new Forrester report and an…

V8 Array Overflow Exploitation: 2019 KCTF Problem 5

Read the original article: V8 Array Overflow Exploitation: 2019 KCTF Problem 5 Introduction to the KCTF Problem Problem 5 – 小虎还乡 of the 2019 KCTF Competition provides us with a vulnerable v8. The v8 has an array overflow vulnerability. But…

What To Look For In Your Next SIEM Provider

Read the original article: What To Look For In Your Next SIEM Provider Security information and event management (SIEM) software is a security information system that analyzes security alerts and data generated from devices on a network in real-time. It…

Strengthen Enterprise Security Through Network Isolation Approach

Read the original article: Strengthen Enterprise Security Through Network Isolation Approach IT security managers are increasingly waking up to realize that the sheer quantity of regularly generated malicious and non-malicious software programmers requires them to be on their toes, searching…

API Security Weekly: Issue #109

Read the original article: API Security Weekly: Issue #109 This week, another API has been leaking voter data in the US, we take a look at Dynatrace’s API token best practices as well as Dredd, an open-source OpenAPI verification tool,…

What’s New In OAuth 2.1?

Read the original article: What’s New In OAuth 2.1? The OAuth 2.1 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the…

[Part 2] Mule 4: Using SSL/TLS

Read the original article: [Part 2] Mule 4: Using SSL/TLS This is the second part of the series in learning how to configure the Mule Application to use One Way SSL and Two Way SSL. In the first part, SSL/TLS Concepts…

API Security Weekly: Issue #108

Read the original article: API Security Weekly: Issue #108 This week, we have the recent API vulnerabilities in Thrillophilia and GitLab, there is a new free online course on OpenID Connect, and OpenAPI support has been recently added in Cloudflare.…

SASE: Looking Into the Future of Remote Network Access

Read the original article: SASE: Looking Into the Future of Remote Network Access The global impact of the COVID-19 pandemic is forcing millions of people to work from home. However, the traditional network and network security models cannot effectively support…

OPA and Gatekeeper: OPA or Gatekeeper?

Read the original article: OPA and Gatekeeper: OPA or Gatekeeper? In the last couple of posts, I wrote about Open Policy Agent (OPA). People almost always ask one question – what is the difference between OPA and Gatekeeper when it…

Using SSDLC to Prepare for Security Incidents

Read the original article: Using SSDLC to Prepare for Security Incidents From a software engineer’s point of view, fixing a security issue can be equal to removing an opportunity to exploit a product. While from a security engineer’s point of…

BitCode – Blockchain for HTTP Lambda Invocations

Read the original article: BitCode – Blockchain for HTTP Lambda Invocations BitCoin is basically a digital ledger system, allowing for keeping transactions based upon cryptographic signatures in a decentralised database, ensuring the transaction was initiated by the person owning the…

For Secure Code, Maintainability Matters

Read the original article: For Secure Code, Maintainability Matters Author Robert Collier said that “Success is the sum of small efforts repeated day in and day out.” That’s especially true when it comes to security. By now we all understand…

The Biggest Endpoint Security and Deception Software Trends

Read the original article: The Biggest Endpoint Security and Deception Software Trends Technological advances in interconnected devices are pushing companies to operate more efficiently and are making global cyber threats increasingly prevalent. As technology advances, companies should ensure they have…

OpenSSL Key and IV Padding

Read the original article: OpenSSL Key and IV Padding OpenSSL is an omnipresent tool when it comes to encryption. While in Java we are used to the native Java implementations of cryptographic primitives, most other languages rely on OpenSSL. Yesterday…

API Security Weekly: Issue #107

Read the original article: API Security Weekly: Issue #107 This week, we check out three API vulnerability reports for Waze, Amazon Web Services (AWS), and the UK NHS COVID-19 app. In addition, the new Forrester study of the technologies constituting…

Why Observability Is the Next Big Thing in Security

Read the original article: Why Observability Is the Next Big Thing in Security Observability for Application Security Is a Must-have It’s not easy to tell modern security stories to users of legacy security solutions still attached to squeezing some fading…

Cryptographically secured HTTP lambda invocations

Read the original article: Cryptographically secured HTTP lambda invocations A lambda function invocation is when the caller supplies a piece of code to a function, for then to have the other function execute the code the caller supplied. In the…

API Security Weekly: Issue #106

Read the original article: API Security Weekly: Issue #106 This week, we have the recent API vulnerabilities at GitLab and Grindr, the APICheck tool gets donated to OWASP, there’s a summary on the basics of API authentication options, and complimentary…

How To Mask Sensitive Data

Read the original article: How To Mask Sensitive Data You can leverage the Log4j Framework by Apache to make changes to the message logger during application execution. In the case where you are dealing with sensitive data in your application,…

Teach yourself AES cryptography in 7 seconds

Read the original article: Teach yourself AES cryptography in 7 seconds When I started implementing AES cryptography in Magic, I did as most other developers, I went to Google to see if Jon Skeet had already written out my code…

How NSA Hacks Your Webcam?

Read the original article: How NSA Hacks Your Webcam? This is a long-awaited post, I was thinking to post about this as soon as I watched the Snowden movie a few years ago. And today morning as I saw this about…

How Can NSA Hack Your Webcam?

Read the original article: How Can NSA Hack Your Webcam? This is a long-awaited post, I was thinking to post about this as soon as I watched the Snowden movie a few years ago. And today morning as I saw this…

How MFA Can Be Used Against You

Read the original article: How MFA Can Be Used Against You When signing in to a device or application, you are often asked for proof of identity, through a password or key, or even proof of ownership of another device…

The State of Ransomware Detection and Malware Prevention

Read the original article: The State of Ransomware Detection and Malware Prevention Every year, as the cybersecurity requirements of businesses become more complex, technology continues to evolve beyond them. Although the new Internet of Things (IoT) devices and cloud-based systems…

API Security Weekly: Issue #105

Read the original article: API Security Weekly: Issue #105 This week, we take a look at API vulnerabilities in HashiCorp Vault, Azure App Services, and more. There is also an introductory video on finding information disclosure in JSON and XML…

Endpoint Management and Security In a Work-From-Home World

Read the original article: Endpoint Management and Security In a Work-From-Home World Network administrators have long been stretched thin in their attempts to maintain global endpoint security settings, configurations, and patching. Now that most, if not all, of their organization’s…

How To Navigate WebAuthn…and Its Complications

Read the original article: How To Navigate WebAuthn…and Its Complications Both consumer and enterprise users can benefit greatly from FIDO2 and WebAuthn. However, there are difficulties that can prove confusing for IT departments, as they are different than other consumer…

The Importance To DevOps In Navigating the Service Mesh Map

Read the original article: The Importance To DevOps In Navigating the Service Mesh Map A “service mesh” is an infrastructure layer regulating the interactions and relationships between applications and microservices. Rather than a source of fundamentally new features, it provides…

7 Web Application Security Best Practices

Read the original article: 7 Web Application Security Best Practices Web Application Security has been one of the most significant parts when it comes to web app development. Developers need to ensure the security of apps as there is…

Vulnerability Assessment and Penetration Testing

Read the original article: Vulnerability Assessment and Penetration Testing Introduction In these days of widespread Internet usage, security is of prime importance. The almost universal use of mobile and Web applications makes systems vulnerable to cyber-attacks. Vulnerability assessment can help…

API Security Weekly: Issue #104

Read the original article: API Security Weekly: Issue #104 This week, we check out the recent API-related vulnerabilities at Twitter and Grandstream Networks, the newly added support for mutual TLS (mTLS) in AWS API Gateway, and the API security episode…

Why USB Security Policy Matters

Read the original article: Why USB Security Policy Matters Honeywell released a report that over 40% of USB portable storage devices contain at least one risky file and over 25% of those threats could lead to operational issues. In 2018,…

5 Recent Great Reads In Automation Cybersecurity

Read the original article: 5 Recent Great Reads In Automation Cybersecurity In this occasional series, we’re bringing you a curated selection of recent articles from the automation cybersecurity community. For today’s post, we looked for relevant articles published in September 2020…

Top SAST Solutions You Should Know

Read the original article: Top SAST Solutions You Should Know SAST, short for Static Application Security Testing, is a code analysis testing process for discovering security vulnerabilities within applications. It is also known as white-box testing because it depends on…

Kafka Security With SASL and ACL

Read the original article: Kafka Security With SASL and ACL Red Hat AMQ Streams Red Hat AMQ Streams is a massively-scalable, distributed, and high-performance data streaming platform based on the Apache ZooKeeper and Apache Kafka projects. This blog covers authentication…

How to Navigate WebAuthn…and its Complications

Read the original article: How to Navigate WebAuthn…and its Complications Both consumer and enterprise users can benefit greatly from FIDO2 and WebAuthn. However, there are difficulties that can prove confusing for IT departments, as they are different than other consumer…

API Security Weekly: Issue #102

Read the original article: API Security Weekly: Issue #102 This week, we look into the recent API vulnerabilities at Facebook and the campaign apps for US presidential election, a new book on the OpenAPI Specification (OAS), and a guest post…

Finding Help in a Remote World

Read the original article: Finding Help in a Remote World In early 2020, IT teams were getting crushed by the heavy volume of help desk tickets. It didn’t seem possible that the number of tickets could increase further. But then…

Need Security Tokens for Java? Try JPaseto

Read the original article: Need Security Tokens for Java? Try JPaseto To circumvent the issues with JSON Web Tokens, try PASETO; a new security token format, made for quick and easy accessibility, free of the complications of JWT. PASETO, or…

Myths and Facts of Security Testing

Read the original article: Myths and Facts of Security Testing Software security is extremely valuable to users, and even more to the companies. Besides building secure application software, it is crucial to consider and test security right through the software…

Bringing Your (Encryption) Keys to Multi/Hybrid Clouds

Read the original article: Bringing Your (Encryption) Keys to Multi/Hybrid Clouds Tools and Setup Before we dive into the fun part of getting keys shared amongst cloud providers, there are a variety of tools required to get this tutorial working.…

API Security Weekly: Issue #101

Read the original article: API Security Weekly: Issue #101 After the special 100th edition last week, which was all about API security advice from the industry’s thought leaders, this week we are back to our regular API security news, and…

Go Modules Security

Read the original article: Go Modules Security Google’s Go programming language is all in boom and rocketing in its popularity in the mainstream software development field. Since Golang is a relatively new language, it does not have a long history…

How to Keep Your Java Applications Secure

Read the original article: How to Keep Your Java Applications Secure A little over a year ago, in April 2019, the way most Java users accessed updates for the JDK changed. The reason for this was a combination of changes…

Be Aware of Zoom Phishing Scams

Read the original article: Be Aware of Zoom Phishing Scams Late last year, video conferencing platform Zoom hosted around 10 million users – a pretty decent number for a service not many people knew existed. Fast forward to the COVID-19…

How Can Security Keys Help Authentication?

Read the original article: How Can Security Keys Help Authentication? Within corporations as well as consumers, the desire for strong authentication has never been more important. Online protection is at the front of everyone’s minds and, with the variety of…