Tag: DZone Security Zone

In my last post, I discussed the issue of getting people to care about security, and how it’s largely due to a focus on security behaviors rather than security outcomes. In this post, I’m picking up where I left off,…

Read more →

The time for rapid technology development and cloud computing is perhaps the most sensitive time when security issues are of great importance. It is here that security will have to be injected into a process right from the beginning —…

Read more →

Secrets are the keys to manage and enhance the security of a software application. Secret keys play a pivotal role in the authentication, authorization, encryption/decryption, etc. of data flowing through the application. There are various types of secrets and few…

Read more →

In this blog, you will learn how to get started with jOOQ, Liquibase, and Testcontainers. You will create a basic Spring Boot application and integrate the aforementioned techniques including a test setup. Furthermore, you will use Spring Boot Docker Compose…

Read more →

Kong Gateway is an open-source API gateway that ensures only the right requests get in while managing security, rate limiting, logging, and more. OPA (Open Policy Agent) is an open-source policy engine that takes control of your security and access…

Read more →

Developers may be aware of the lifecycle of service instances when using dependency injection, but many don’t fully grasp how it works. You can find numerous articles online that clarify these concepts, but they often just reiterate definitions that you…

Read more →

AI/ML tools and technologies heavily influence the modern digital landscape by introducing numerous use cases involving AI-based malware detection, preventing social engineering attacks, and threat identification and remediation. Many organizations have acknowledged AI/ML’s prominence in the cybersecurity threat landscape and…

Read more →

These days, it’s challenging to imagine systems that have public API endpoints without TLS certificate protection. There are several ways to issue certificates: Paid wildcard certificates that can be bought from any big TLS provider Paid root certificates that sign…

Read more →

Ever since people started putting their money into banks and financial institutions, other people have sought to steal those deposits or otherwise fraudulently obtain those protected assets. When someone asked infamous 1920s-era bank robber Willie Sutton why he robbed banks,…

Read more →

When developing an enterprise system — whether it is a completely new system or simply the addition of a new feature — it is not uncommon to need to retrieve a significant volume of records (a few hundred or even…

Read more →

The introduction of software has made remarkable changes to how business is conducted. “Back then,” people would meet in person, and most companies used manual methods, which were not scalable. Software has changed the game, and web applications are essential…

Read more →

Editor’s Note: The following is an article written for and published in DZone’s 2024 Trend Report, Kubernetes in the Enterprise: Once Decade-Defining, Now Forging a Future in the SDLC. Kubernetes is driving the future of cloud computing, but its security challenges…

Read more →

What Is Network Sniffing? Sniffing includes the passive interception of data packets crossing a network with further analysis. Initially, sniffing was developed to help network administrators troubleshoot connectivity problems, and since then, it has evolved into an important technique of…

Read more →

From a Java perspective, I’ve been the beneficiary of some pretty amazing features over the years: Generics (Java 5) Streams and Lambda Expressions (Java 8) Enhanced Collection Functionality (Java 9) Sealed Classes (Java 17) As key features become available, I’ve…

Read more →

As cloud networks continue to expand, security concerns become increasingly complex, making it critical to ensure robust protection without sacrificing performance. One key solution organizations use to achieve this balance is the deployment of Next-Generation Firewalls (NGFWs), which play an…

Read more →

In recent years, there has been a significant surge in the adoption of artificial intelligence (AI) and machine learning (ML) technologies across a wide range of industries. Frameworks such as TensorFlow, PyTorch, and Scikit-learn have emerged as popular choices for…

Read more →

In a world where cyber threats are just one click away (or just one QR code scan away), the old-school “castle and moat” security approach isn’t enough. Enter Zero Trust — a security model that flips the script, requiring every…

Read more →

In an era where software vulnerabilities can lead to catastrophic breaches, application security has never been more critical. Yet, for many developers, security remains a complex and often frustrating aspect of the development process.  At Black Hat 2024, I sat…

Read more →

Distributed services have indeed revolutionized the design and deployment of applications in the modern world of cloud-native architecture: flexibility, scalability, and resilience are provided by these autonomous, loosely coupled services. This also means that services add complexity to our systems,…

Read more →

Infrastructure as Code (IaC) became the de facto standard for managing infrastructure resources for many organizations. According to Markets and Markets, a B2B research firm, the IaC market share is poised to reach USD 2.3 Billion by 2027.  What Is Infrastructure as…

Read more →