Tag: DZone Security Zone

Read the original article: Distributed PKI vs Traditional PKI With the rise of cryptocurrency, blockchain technology has grown from an obscure niche solution to one of the most hyped new technologies of the last decade. Enthusiasts are claiming blockchain will…

Read more →

Read the original article: API Security Weekly: Issue #86 Vulnerability: Sign In With Apple Sign in with Apple is an OAuth-like social logon system from Apple. It is widely used, and in fact, Apple mandate the inclusion of Sign in…

Read more →

Read the original article: How Firms With a Remote Workforce Can Manage Common Network Security Challenges The concept of remote working isn’t new! Several businesses have been encouraging their employees to work from home for a few days a week…

Read more →

Read the original article: Seven Reasons to Provision IAM in Your Stack Right Now 1. IAM is the Best Way to Address a Distributed and Contingent Workforce. IAM is the best way to effectively onboard and offload new employees, partners…

Read more →

Read the original article: Zero Day Attacks – A Sleeping Disaster ‘Zero-day attack’ is a phrase used for describing the threat of an unknown security vulnerability in computer software or application that a patch has not been released – or…

Read more →

Read the original article: Accuracy in AppSec Is Critical to Reducing False Positives According to a new report from the Neustar International Security Council (NISC), over one-quarter of security alerts fielded within organizations are false positives. Surveying senior security professionals…

Read more →

Read the original article: Container and Kubernetes Security: A 2020 Update Security has always been a big issue in the fast-paced world of DevOps, Continuous Integration, and Continuous Delivery. Despite the multitude of tools and tech currently available for integrating…

Read more →

Read the original article: Simplified Blockchain Part One: Theory Blockchain in Two Words You can interpret blockchain as a distributed database, each node of which is launched on the client side. All nodes synchronize (validate and confirm) all transactions among…

Read more →

Read the original article: Simplified Blockchain Part 2: Ethereum Example With Java Client In the previous article, we got acquainted with the theoretical foundations of the blockchain. In this article, we implement the functionality of the passport office. Before You…

Read more →

Read the original article: What Is a Sniffing Attack? Introduction In this article, we will be discussing what is a sniffing attack and how you can save yourself or an organization from a sniffing attack. We will also cover some…

Read more →

Read the original article: Traditional AppSec Code Halts Kill DevOps Release Cycles In recent years, the application security (AppSec) field has not advanced as rapidly as the software development discipline. While developers are under constant pressure to push code, legacy…

Read more →

Read the original article: OAuth 2.0 vs Session Management There seems to be a lot of misinformation on when OAuth 2.0 (henceforth referred to as OAuth) is appropriate for use. A lot of developers confuse OAuth with web session management…

Read more →

Read the original article: SecureSDLC – The Next Gen SDLC People with exposure to software development space will very well understand SDLC (Software Development Life Cycle). Still, let’s do a quick recap. The SDLC framework defines the processes used by…

Read more →

Read the original article: Using Amazon CloudWatch Synthetics and Service Lens Real-time monitoring is invaluable in today’s market. Everyone is trying to deliver the best user experience, so there is a higher need for capable and reliable cloud services to…

Read more →

Read the original article: Automation Solutions Are IT’s Best Friend During the Crisis Over the past few years, remote work has become an increasingly popular practice due to factors such as changes in the global workforce, competition for top talent,…

Read more →

Read the original article: 8 Free Security Tools Every Developer Should Know and Use to Shift Left Shifting left is a development principle which states that security should move from the right (or end) of the software development life cycle…

Read more →

Read the original article: Secure PHP Programming: Two Common Mistakes to Avoid PHP (Hypertext Preprocessor) is a server-side scripting language that has matured over the years — it was first released in 1995! The latest stable version of the language,…

Read more →

Read the original article: How to Create Your Own Cryptocurrency Blockchain in Python Cryptocurrencies and their underlying blockchain technology have taken the world by surprise —from their humble beginnings a few years ago to current everyday conversation point. Typically, a…

Read more →

Read the original article: Top 10 Vulnerabilities In Web Apps You Can Prevent With Testing When talking about cyber risks, the first thing you might think of is malware. However, many cyber-attacks are linked to apps. According to the Positive…

Read more →

Read the original article: API Security Weekly: Issue #85 Vulnerability: Google Cloud Deployment Manager Google Cloud Deployment Manager is an infrastructure management service that makes it simple to create, deploy, and manage Google Cloud Platform resources. Ezequiel Pereira found an…

Read more →

Read the original article: What Is PKCE? PKCE is short for Proof Key for Code Exchange. It is a mechanism that came into being to make the use of OAuth 2.0 Authorization Code grant more secure in certain cases. Why…

Read more →

Read the original article: Diffie Hellman Key Exchange In early 70’s to send a secret message, both parties (sender and receiver) had to exchange the key to encrypt and decrypt the message. Exchanging the secret key may lead to compromising…

Read more →

Read the original article: The Case for Serving Multiple HTTPS (SSL) Certificates Regionally Context In this new world of cloud computing, more and more companies are going global. Regardless of whether a company is built solely in the cloud or…

Read more →

Read the original article: 10 Node.js Security Practices Web application security is rapidly becoming a major concern for companies as security breaches are becoming expensive by the day. The Open Web Application Security Project (OWASP) is a non-profit organization dedicated…

Read more →

Read the original article: Direct EDI Software vs. EDI VAN Throughout the world, companies large and small alike are increasingly adding, expanding, and modernizing their electronic data interchange (EDI) communications. If you need to meet partner EDI mandates or wish…

Read more →

Read the original article: How to Overcome File Transfer Security Risks Individuals are constantly transferring files to their colleagues and trading partners, whether those files are Word documents, reports and spreadsheets, or shipping notices and acknowledgments. Most of the time,…

Read more →

Read the original article: API Security Weekly: Issue #84 Vulnerability: Google Firebase Google Firebase is a development platform for mobile apps. It claims to be used in over 1.5 million mobile apps to provide standard platform functions like authentication, cloud…

Read more →

Read the original article: Two-Way SSL Authentication Setup in Mule What is Two-Way SSL? Two-way SSL means that a client and a server communicates on a verified connection with each other. The verifying is done by certificates to identify. A…

Read more →

Read the original article: Getting Started With Infura’s Ethereum API A step-by-step tutorial to help you get set-up with Infura and start using the Infura Ethereum API. Hey there! Infura provides developers and enterprises with simple, reliable access to Web3…

Read more →

Read the original article: All You Need to Know About User Session Security What follows is a two-part series on session management  —  inspired by extensive conversations with over 70 developers and our own intensive research. We will explore different…

Read more →

Read the original article: Deep Dive Into NPM Security The Node Package Manager, abbreviated as NPM, is the premier registry for software packages in the Node.js ecosystem and has become one of the largest registries for software packages in the…

Read more →

Read the original article: How Firms With a Remote Workforce Can Manage Common Network Security Challenges The concept of remote working isn’t new! Several businesses have been encouraging their employees to work from home for a few days a week…

Read more →

Read the original article: Securing Hazelcast With Cert-Manager Cert-Manager became a standard way of issuing and rotating certificates in Kubernetes and OpenShift environments. Simple to install. Simple to use. Well integrated with Vault and other secret managers. No surprise it’s…

Read more →

Read the original article: Container and Kubernetes Security: A 2020 Update Security has always been a big issue in the fast-paced world of DevOps, Continuous Integration, and Continuous Delivery. Despite the multitude of tools and tech currently available for integrating…

Read more →

Read the original article: Are You Using JWTs for User Sessions Correctly? JSON Web Tokens (or JWTs) have become incredibly popular, and you’ve likely heard of them before. What you may not have heard is that JWTs were originally designed…

Read more →

Read the original article: Cryptography Module in Mule 4 Steps to Use JCE Encrypt and JCE Decrypt Connectors Check if Crypto module is available in Mule Palette. If not, download it from exchange. Then, search for JCE in the Mule…

Read more →

Read the original article: All You Need to Know About Browser Fingerprints Unlike the static websites of the past, today’s websites are honed to be able to identify your device through a set of parameters and using a range of…

Read more →

Read the original article: Generating OAuth Tokens Part 1 We will talk about how to generate OAuth tokens. When using OAuth tokens, passwords are not shared between services. Instead, tokens are used for authentication. Here, we will create a basic…

Read more →

Read the original article: From Dev to DevSec: How to transform developers into security rockstars [Webinar Sign-up] Waterfall, Agile, DevOps… it seems that every few years, a new methodology is born for optimum software creation. While these processes all have…

Read more →

Read the original article: How AI Is Improving Privacy in 2020 If you’re like everyone else around the world, privacy is a big deal. We regularly upload our personal information to websites when we make purchases, we also add customer…

Read more →

Read the original article: Infrastructure as Code Security Infrastructure as Code and the bigger concept of DevOps for business applications are accelerating the utilization of cloud computing. Businesses are moving their solutions, data, and processes to the cloud and leveraging…

Read more →

Read the original article: Incident Response Requires a New AppSec Model Incident response found its way into our technological vernacular back in 1988 when the first internet worm — dubbed “The Morris Worm” — was released. In response, the Computer…

Read more →

Read the original article: What Is PKCE? PKCE is short for Proof Key for Code Exchange. It is a mechanism that came into being to make the use of OAuth 2.0 Authorization Code grant more secure in certain cases. Why…

Read more →

Read the original article: API Security Weekly: Issue #83 Vulnerability: India’s Coronavirus Tracing App Elliot Alderson discovered API flaws in India’s COVID-19 tracking app, Aarogya Setu. In certain regions, the app is mandatory, and not having it installed can lead…

Read more →

Read the original article: How Firms With a Remote Workforce Can Manage Common Network Security Challenges The concept of remote working isn’t new! Several businesses have been encouraging their employees to work from home for a few days a week…

Read more →

Read the original article: Two-Factor Authentication in Spring Webflux REST API Multi-factor authentication became common practice for many cases, especially for enterprise applications or those that deal with sensitive data (like finance apps). Moreover, MFA is enforced (especially in the…

Read more →

Read the original article: Configuring SSL/TLS Connection Made Easy Setting up encryption for your application, how hard can it be? I thought it should be easy, as all communication with modern web applications should be encrypted, right? Well, my expectations…

Read more →

Read the original article: SSL Offloading: A Solution For a Slow Website SSL offloading is a great solution for enterprises that wish to improve website performance without compromising security — here’s how it works. SSL offloading is a solution that…

Read more →

Read the original article: API Security Weekly: Issue #82 Opinion: The 5 Most Common Vulnerabilities in GraphQL Although the adoption of GraphQL is still fairly limited, it is undeniably on the rise. GraphQL is different from the traditional REST APIs:…

Read more →

Read the original article: Establish Trust Chain From Kafka to Microservices REST APIs With JWT Abstract This article will discuss an approach to propagate trust from Kafka event stream processing modules to microservices APIs with Spring security and JSON web…

Read more →

Read the original article: Cyber Resilience Lessons to Know Before the Empire Gets Struck Every year, fans across the globe celebrate a holiday that commemorates one of the greatest sagas of all time. We’re talking about May 4th — a…

Read more →

Read the original article: Cybersecurity Considerations for Business Leaders Navigating COVID-19 Disruptions Businesses around the world have responded to the evolving health and financial risk factors posed by coronavirus disease 2019 (“COVID-19” or the “virus”) with significant workforce changes, including…

Read more →

Read the original article: Latest Enterprise Endpoint Security Survey: Big Concerns but Hope for the Future More bad news when it comes to IT security. The fourth annual Enterprise Endpoint Security Survey was recently released, showing that just 17% of…

Read more →

Read the original article: 3 Rewarding Programs for Blockchain Devs Looking for a chance to learn more about blockchain, build cool solutions with it, and share your knowledge with others?  Even better, want to see some money for your time…

Read more →

Read the original article: Secure Communication with Token-based RSocket RSocket provides a message-driven communication mechanism, by using the reactive streaming framework, and supports most of the protocols (TCP/WebSocket/HTTP 1.1&HTTP 2). Furthermore, it’s program language-agnostic interaction models (REQUEST_RESPONSE/REQUEST_FNF/REQUEST_STREAM/REQUEST_CHANNEL) cover most communication…

Read more →

Read the original article: Privacy vs Convenience: Is There a Middle Ground? Enjoying the benefits of the myriad online services we use every day is incredibly convenient. In fact, it’s so convenient that we’re ready to accept terms and conditions…

Read more →

Read the original article: Easy OAuth 2.0 Single Sign-on in Java Different applications need different permissions. Although you might have a single resource server providing data to multiple apps, it’s often the case that you don’t want all users of…

Read more →

Read the original article: Implementing Aqua Security to Secure Kubernetes Despite the maturity of the platform, security is still a big challenge for Kubernetes users. While Kubernetes offers maximum flexibility, modularity, and ease of use in other areas, the complex…

Read more →

Read the original article: Create Wildcard SSL Certificate With Let’s Encrypt and Integrate Into Engineyard First, we are going to generate a wildcard SSL certificate for our domain, and then, we will see the process of integrating that certificate in…

Read more →

Read the original article: Deep Dive Into NPM Security The Node Package Manager, abbreviated as NPM, is the premier registry for software packages in the Node.js ecosystem and has become one of the largest registries for software packages in the…

Read more →

Read the original article: SSL Handshake Failed Error: What it Is and How to Fix it What Is an SSL Handshake? It’s the phenomenon by which your browser proposes a secure connection to an internet server. Sometimes the client, and…

Read more →

Read the original article: Secure Your Digital Space With Cybersecurity Best Practices [Infographic] Amidst the ongoing cybersecurity epidemic, is your enterprise prepared to cope up with the changing dynamics of the cyber ecosphere? Let’s find out.  Here are some of…

Read more →

Read the original article: EC Private and Public Key Pair An EC (Elliptic Curve) key-pair is a pair of a private and public key constructed from a given subgroup generator in a given elliptic curve group. Here are the steps…

Read more →

Read the original article: Rules of Thumb for Certificate Monitoring The enforcement of HTTPS by web browsers has introduced the pain of certificate management to small and medium businesses. Here are my rules of thumb to make your life much…

Read more →

Read the original article: 13 Ways to Secure Your Cloud VPS Choosing to host your Virtual Private Server (VPS) in the cloud opens a world of possibilities to share new content with your customers. No matter which operating system you…

Read more →

Read the original article: API Security Weekly: Issue #81 This week, we check out how Microsoft Teams could be breached with a single GIF image sent in a chat, and Auth0 by changing the case of a single character. In…

Read more →

Read the original article: Azure and HIPAA Compliance: What You Need to Know What is HIPAA? The Health Insurance Portability and Accountability Act (HIPAA) is a landmark piece of US legislation that was introduced in 1996, in order to safeguard…

Read more →

Read the original article: Blockchain Use Cases: How Blockchain Will Transform the Food Supply Chain Blockchain, the groundbreaking technology behind cryptocurrencies and Bitcoin has been a huge buzzword in recent years. With blockchain technology steadily seeping into every industry, it…

Read more →

Read the original article: 5 Real-World Applications of Blockchain Technology Blockchain technology has garnered a significant amount of digital ink in recent years. In fact, it is as big of a game changer as the Internet was back in the…

Read more →

Read the original article: 8 Popular Security Tools You Should Try Right Now Hackers today are on the rage and more organizations are falling victim to them. We are hearing reports of data leaks and website hacks more frequently than…

Read more →

Read the original article: Secure Software Development Principles There is growing evidence that criminals, terrorists, and other malicious actors view vulnerabilities in software systems as a tool to reach their goals. Today, software vulnerabilities are discovered at a higher rate…

Read more →

Read the original article: API Security Weekly: Issue #80 Vulnerability: IBM Data Risk Manager Pedro Ribeiro found a bunch of security vulnerabilities in IBM Data Risk Manager (IDRM). This is a control center that helps to locate, analyze, and visualize…

Read more →

Read the original article: Cybersecurity During a Pandemic: An Interview With Critical Start In our current time of crisis, it’s a sad fact that there are many taking advantage of distracted governments, businesses, and individuals. With the majority of workforces…

Read more →

Read the original article: Kafka SSL Client Authentication in Multi-Tenancy Architecture Apache Kafka is the key product for not only messaging transformations but also real-time data processing, in addition to many other use cases. Architectures hosted inside the cloud claim…

Read more →

Read the original article: COVID-19 Creates Fresh Cyber Security Challenges as Employees Work From Home The Threat The recent surge in Work-From-Home, triggered by the COVID-19 crisis, is here to stay and the first sign of it is that "WFH"…

Read more →

Read the original article: Cyber Insurance in 2020 Cyber insurance has emerged as a response to the rapidly increasing cyber-attacks across the world and the extent of damage these attacks cause to businesses. Recent trends indicate there is a continual…

Read more →

Read the original article: 4 Key Strategies for Open PGP Numerous high-profile data breaches have shined a spotlight on the need to protect sensitive data. Encryption is a popular solution that locks away files such that even if they are…

Read more →

Read the original article: Protect Active Directory Logins to Secure Remote Working In the past few weeks, the majority of businesses were forced to shift to remote working. This situation is seen as a great opportunity for hackers to find…

Read more →

Read the original article: API Security Weekly: Issue #79 This week, unprotected APIs have allowed hackers to compile to put on sale a list of 1.4 million of US doctors, and GitLab has published details on the API vulnerability they…

Read more →

Read the original article: Why Are There Different VPN Protocols and How Do They Differ? As one of the most important inventions of the 20th century, the Internet has opened up a world of new opportunities. But it has also…

Read more →

Introduction APIs handle practically every function in modern organizations. From booking a movie ticket to processing complex bank transactions, APIs play an important role. Organizations expose their services via APIs to the public and also internally in order to expand…

Read more →

JSON RPC, methods, calls, requests — what does it all mean?! When you start building an app on the Ethereum blockchain, you’re introduced to a host of new concepts, request methods, and naming conventions to employ. It can be overwhelming.…

Read more →

This week, we check out the API vulnerabilities in the WordPress Rank Math plugin, Tapplock smartlock, and TicTocTrack, another kids’ smartwatch. In addition, an update to VS Code OpenAPI extension that adds static application security testing (SAST) for composite API…

Read more →

There is no doubt that the world’s workforce is becoming more remote, particularly in tech as developers can now work from any location in the world. But there are a large number of new obstacles that come with this. The…

Read more →

Introduction JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between the two parties. The claims in a JWT are encoded as a JSON object that is used as the payload of a JSON…

Read more →

Endpoint Detection and Response (EDR) solutions were developed to fill security gaps left by other tools. The need for EDR can be traced to the early 2010s, but the term EDR was officially coined in 2013. In this article, you’ll…

Read more →

This week, GitLab has fixed several vulnerabilities, including API vulnerabilities, and the draft for OAuth 2.1 has been released. If you find yourself stuck at home with extra time in your hands, why not check out the free course on…

Read more →

In the last article, we have seen how we can do client management for MuleSoft API using AWS Cognito Client Credentials. Here, we will see how we can use AWS Cognito for MuleSoft AnyPoint Platform Identity Management. The authorization code grant…

Read more →

It wasn’t long ago that smaller businesses were more or less exempt from cyber warfare. Hackers, scammers, and other baddies simply preferred to target larger enterprises and other high-profile organizations because these are the players with more money and sensitive…

Read more →

It wasn’t long ago that smaller businesses were more or less exempt from cyber warfare. Hackers, scammers, and other baddies simply preferred to target larger enterprises and other high-profile organizations because these are the players with more money and sensitive…

Read more →

Open source vulnerabilities are on the rise. Again. Since 2017 we have seen a rapid rise in the number of open source vulnerabilities that are being reported by the community. This past year was no exception, with WhiteSource’s State of…

Read more →

This week, new security issues have been reported in a US election app, Voatz, and an API vendor has leaked 8 million shopping records in UK. In addition, ESG have shared some of their findings on API security and DevSecOps,…

Read more →

Setting up encryption for your application, how hard can it be? I thought it should be easy, as all communication with modern web applications should be encrypted, right? Well, my expectations were wrong… While setting it up, I encountered a…

Read more →

Office 365 is an essential tool for many organizations that have thrived for years within the Microsoft ecosystem. It takes those many nostalgic tools like Word, Excel, Powerpoint, Outlook — the tools that most of today’s workforce grew up revering…

Read more →

Introduction The OAuth2 Provider module allows a Mule runtime engine (Mule) app to be configured as an Authentication Manager in an OAuth2 dance. With this role, the application will be able to authenticate previously registered clients, grant tokens, validate tokens,…

Read more →

It’s been another eventful year for cyber attacks. More than 4 billion records have been breached so far – and we’re not even to the end of the year yet! But is behind us. It’s now time to look forward…

Read more →

For the first time since the creation of mainstream social media platforms, the number of American users with at least one social media profile decreased in 2018. People are choosing to leave social media platforms for many reasons, from the platforms’…

Read more →

For the first time since the creation of mainstream social media platforms, the number of American users with at least one social media profile decreased in 2018. People are choosing to leave social media platforms for many reasons, from the platforms’…

Read more →

For the first time since the creation of mainstream social media platforms, the number of American users with at least one social media profile decreased in 2018. People are choosing to leave social media platforms for many reasons, from the platforms’…

Read more →

These days, cybersecurity breaches are a dime a dozen.   The Binance hack, where more than $40 million worth of Bitcoin was stolen, is just the tip of the ever-growing iceberg. Just a week later, Whatsapp experienced a security breach…

Read more →