Tag: DZone Security Zone

This week, the state of security in Zyxel’s management console as well as in the field of IoT leaves room for improvement. Meanwhile, on the presentation front, we have an upcoming webinar on API DevSecOps in Azure Pipelines, and recordings…

Read more →

In a distributed system, moving data efficiently between services is no small task. It can be especially tricky for a frontend web application that relies on polling data from many backend services. I recently explored solutions to this problem for…

Read more →

In a distributed system, moving data efficiently between services is no small task. It can be especially tricky for a frontend web application that relies on polling data from many backend services. I recently explored solutions to this problem for…

Read more →

This week, we check out how Facebook’s OAuth implementation in their social login feature left the access tokens vulnerable. We also have some statistics and predictions on the rise of API security, and recordings of a couple of more API…

Read more →

Are you still unsure which multi-use SSL Certificate is best suited for your website? So here, we have come up with the difference between the Wildcard SSL and SAN SSL Certificate in greater detail so that it is easy to…

Read more →

The number of cyber threats faced by businesses and individual internet users seems to increase by the minute. As such, individuals and enterprises that treat cybersecurity as an afterthought are often prime targets for hackers, data thieves, and malware spreaders.…

Read more →

Just about everyone agrees that the cloud is the biggest transformation in IT in decades, but you’ll hear many different reasons why. OpEx vs CapEx, no need to manage physical data centers, “agility", and other buzzwords. But, the real reason…

Read more →

The internet has become a utility as essential as electricity and water for organizations worldwide. But it’s also an unparalleled security threat, an inviting doorway for global criminal networks. Malicious hackers still seem to have the upper hand even with…

Read more →

In a world of compliance and disclosure requests, the ability to investigate raw log files whilst shutting out noise can not only be a time-saving maneuverer in your process, but it can also reduce the risk of mistakes. The ability…

Read more →

Mastering Two-Way TLS This tutorial will walk you through the process of protecting your application with TLS authentication, only allowing access for certain users. This means that you can choose which users are allowed to call your application. This sample…

Read more →

Angular has been around for quite some time. Angular JS, the original version, was one of the first JavaScript MVC frameworks to dominate the web landscape and gained a strong developer fan base in the early 2010s. It’s still going…

Read more →

Different applications need different permissions. Although you might have a single resource server providing data to multiple apps, it’s often the case that you don’t want all users of application A to access application B.  In this tutorial, you’ll learn…

Read more →

This week, we check how Tinder’s API vulnerability has developed a life of its own, the latest statistics from Akamai on API security, the best current practices for JWT, and why API security needs both API firewalls and API management,…

Read more →

Spring Security is a framework that provides authentication and authorization to Java applications. Authentication is used to confirm the identity of a user, and authorization checks the privileges and rights a user has that determine what resources and actions they…

Read more →

Voice over Internet Protocol (VoIP) has become a staple for businesses and embraced by people looking for a cheaper alternative to traditional phone companies. It’s gone from being something techies used to becoming mainstream.  It’s also become a target for…

Read more →

Big data continues to become essential to businesses while threats to that data are increasing at an alarming rate. It’s predicted that serious leaks can cost businesses an average of over a million dollars; this doesn’t include any revenue loss…

Read more →

The internet has become a utility as essential as electricity and water for organizations worldwide. But it’s also an unparalleled security threat, an inviting doorway for global criminal networks. Malicious hackers still seem to have the upper hand even with…

Read more →

He covered a wet, hacking cough with his hand, then pushed through the door of the ward. I reached the same door and hesitated. The Cougher had just tainted the door with his germs. If I touched it, I’d be…

Read more →

This post will show you how to enable SSO authentication in WSO2 Enterprise Integrator using Okta. For this tutorial, we are going to use WSO2 EI 6.5.0. It also requires us to have an Okta account; we can create one…

Read more →

With data breaches on the rise, creating and maintaining secure software is vital to every organization. Although not all attacks can be anticipated or prevented, many can be avoided by eliminating vulnerabilities in software. In this article, you’ll learn about…

Read more →

You might have already heard about proxies and proxy servers. But if you aren’t entirely familiar with them, this article will help you catch up with this web technology and see all the benefits of using proxy servers.  What Are…

Read more →

Introduction Blockchain is a technology that drives all the cryptocurrencies. In every one of them, a set of validator nodes are responsible for validating all the transactions. The validators are assumed to be rational and self-interested, i.e. they are only…

Read more →

I work in ForEx, one of the largest markets in the world, averaging 5.1 trillion dollars worth of trades on a daily basis. My employer also happens to be one of the largest brokers in the world, and I am…

Read more →

chroot has quite a unique history. The chroot system call was the first major step towards process-level virtualization, i.e. providing an isolated environment for a process (though only at the file system level). Virtualization is an enabler for cloud computing. You can read more about chroot here. Let’s…

Read more →

The CAP theorem asserts that in any distributed data store only two out of three guarantees can be provided regarding consistency, availability, and partition tolerance. But what about trust? In commercial systems on the internet partition tolerance can never be…

Read more →

2018 was a tough year for the whole cryptocurrency industry. The key players experienced their record highs and lows; struggled in the bearish market; and suffered from hacks and forks. The market ended up with a significant fall in crypto prices and…

Read more →

Whether you’re moving your company’s repository to the cloud or updating an IT infrastructure, securing data from sneaky malware attacks is crucial. According to a report on cybercrime by Accenture, the number of security breaches faced by businesses has increased by…

Read more →

Whether we are building a simple to-do list or a complex online banking platform, the security aspect of the application should always be one of our priorities. We should never deploy our application to the production, hoping it will not…

Read more →

These days, cybersecurity breaches are a dime a dozen.   The Binance hack, where more than $40 million worth of Bitcoin was stolen, is just the tip of the ever-growing iceberg. Just a week later, Whatsapp experienced a security breach…

Read more →

Black Box, Grey Box, and White Box Pen Tests In my last article, we discussed Penetration tests, or pen tests, the importance of pen tests, and how it helps to find the REST API vulnerabilities.  This article gives a brief overview…

Read more →

The CAP theorem asserts that in any distributed data store only two out of three guarantees can be provided regarding consistency, availability, and partition tolerance. But what about trust? In commercial systems on the internet partition tolerance can never be…

Read more →

SSL (Secure Sockets Layer) certificates are given to a website to make sure that the website is secured and won’t fall prey to malicious hackers. Since this process involves loading the web-server with a lot of load, the process of SSL…

Read more →

We have talked a lot about the speed at which DevOps innovation has moved and how security has consistently struggled to catch up. Kubernetes is quickly putting this idea to shame and stretching security teams to their limit. In just five short…

Read more →

Incidents of data breaches and theft are showing no signs of slowing down. According to Forbes, in the first half of 2019 alone, cybercriminals compromised the personal information of more than 4 billion users. As the world becomes more and…

Read more →

In a digitally-driven world, we are at an ever-increasing risk of data theft. With large organizations acting as the gatekeepers of our precious information, many are recognizing the need to implement stringent security standards. Much of the initiative around shifting…

Read more →

Every company faces a terrible dilemma — either turn the business into a software business and risk the potential catastrophic downside of getting hacked or refuse to engage in digital transformation and get put out of business by companies that…

Read more →

In a digitally driven world, we are at an ever-increasing risk of data theft. With large organizations acting as the gatekeepers of our precious information, many are recognizing the need to implement stringent security standards. Much of the initiative around…

Read more →

Every company faces a terrible dilemma — either turn the business into a software business and risk the potential catastrophic downside of getting hacked or refuse to engage in digital transformation and get put out of business by companies that…

Read more →

Recently, cybersecurity and Application Security (AppSec) have become two of the most publicized topics in news reports — and for a good reason. Since 2013, hackers have breached 3 billion Yahoo and 500 million Marriott user accounts and stolen the…

Read more →

These days, cybersecurity breaches are a dime a dozen.   The Binance hack, where more than $40 million worth of Bitcoin was stolen, is just the tip of the ever-growing iceberg. Just a week later, Whatsapp experienced a security breach…

Read more →

You’ve probably heard that JSON Web Token (JWT) is the current state-of-the-art technology for securing APIs. Like most security topics, it’s important to understand how it works (at least, somewhat) if you’re planning to use it. The problem is that…

Read more →

Keycloak is an open-source Identity and Access Management (IAM) solution aimed at modern applications and services. Keycloak provides out-of-the-box authentication and authorization services as well as advanced features like User Federation, Identity Brokering, and Social Login. Keycloak provides fine-grained authorization…

Read more →

Initially, cryptocurrency markets started out on a slow incline, but this year, in the first week of April, Bitcoin (BTC) and Ethereum demonstrated new momentum with a 20 percent gain in investment ratio. “This is a time of great opportunity”…

Read more →

A JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed.…

Read more →

If you’re building Java web applications or Java Web API’s and you want to do your own security testing, wouldn’t you rather not run a scanner and wait forever for a PDF report full of all false positives? And wouldn’t…

Read more →

There are many books and articles on how a project must be led. In the Agile Zone, you’ll find many articles related to how to handle projects, organization, teams, products, etc. But, there is a subject that is often poorly…

Read more →

An SSL Certificate is a file that helps browsers recognize that a domain name belongs to a server owner (as well as it’s information like name, location, company, etc).  So, if you host your website without certificates, browsers will show…

Read more →

For years, security has been an afterthought — functionality that developers and product managers often address at the last minute, right before a build is about to ship. For some individuals and teams, this practice stems from a reactive approach…

Read more →

Unbeknownst to you, there’s a good possibility that your Internet Service Provider (ISP) regularly sells your data to boost their profits.  Since the US Congress voted to roll back the FCC protections against the practice, American ISPs now have the…

Read more →

2019 demonstrated that the adoption rate of consumer IoT devices continues to increase. From new doorbells with cameras that connect to smartphones, to advanced TVs and refrigerators that are making the smart home a reality, consumers have access to more connected…

Read more →

Open source is transforming software development. No longer do individual businesses need to purchase or build everything they need in-house. Instead, they can rely on a modern, interdependent ecosystem in which developers work together on mutually beneficial projects. This way, a single…

Read more →

LA Parking Sign A Warning Sign Los Angeles is famous for its complicated parking signs: They’re totems of rules and exceptions, and exceptions to the exceptions. Often, when we code, we forget a lesson that’s obvious in these preposterous signs: Humans…

Read more →

While DevOps is forging boldly into the future, security is still trailing behind in many organizations. So, it’s important that we understand how to apply notions of (traditionally static) security into environments that are built to foster continuous development. I,…

Read more →

Unbeknownst to you, there’s a good possibility that your Internet Service Provider (ISP) regularly sells your data to boost their profits.  Since the US Congress voted to roll back the FCC protections against the practice, American ISPs now have the…

Read more →

The API Gateway pattern implements a service that’s the entry point into a microservices-based application from external API clients or consumers. It is responsible for request routing, API composition, and other edge functions, such as authentication. When working with a microservices…

Read more →

Do you allow your spouse or partner to track your location? Your parents? Your extended relatives? Your friends?  Hyperconnectivity has lent a sense of normalcy to the concept of sharing locations with multiple applications and people with varying degrees of…

Read more →

Data collaboration is the process of combining datasets together to generate new value from data-driven insights. The datasets being combined can come from different organizations, or they can come from data silos internal to an organization. A number of use…

Read more →

As apps become more complex in the way they use microservices, managing API keys and other secrets becomes more challenging as well. Microservices running in containers need to transfer secrets to allow them to communicate with each other. Each of…

Read more →

If you think about the World Wide Web, it’s easy to imagine it as a single software system. Once you do, you realize it’s the largest software system the world has ever created — probably by hundreds of orders of…

Read more →

Whenever we disclose any of our private information (or any type of info that might hamper our lives if it gets into the wrong hands) to an authority online, we always have second thoughts about how communication networks work and…

Read more →

What Is Quantum Computing? Quantum computers take advantage of the very nature of quantum physics to create an entirely new computing paradigm, unlike the traditional 0/1 gated computers we have been using since the 1960s. Instead, they run on quantum…

Read more →

One of the most crucial features of Blockchain Technology is its decentralized nature. This means that the information is shared by all the parties of the networks. Hence, it eliminates the need for middlemen or intermediaries to facilitate operations. This…

Read more →

It’s a famous fact that bitcoin mining hardware has changed by leaps and bounds lately due to the growth of new central processing units in the marketplace. The new machines may conduct Bitcoin processing at a faster rate when compared…

Read more →

Do you allow your spouse or partner to track your location? Your parents? Your extended relatives? Your friends?  Hyperconnectivity has lent a sense of normalcy to the concept of sharing locations with multiple applications and people with varying degrees of…

Read more →

Sometimes, considered as hard to automate, security testing lacks the resources and tools that assist in making it simple to learn. We have found many testers unaware of the free and open source security testing tools that are available to…

Read more →

Eliminate the middleman to boost security! A promise made by blockchain is already nailing the card payment industry. Ever since the emergence of Bitcoin in 2009, the number of blockchain wallets increased to approximately 42 million users in September end…

Read more →

In the previous entry in this series, we discussed developing policies with Open Policy Agent. In this final article, we are going to focus on how you can integrate Open Policy Agent with your application. Integrating OPA With Your Application There…

Read more →