This week, the state of security in Zyxel’s management console as well as in the field of IoT leaves room for improvement. Meanwhile, on the presentation front, we have an upcoming webinar on API DevSecOps in Azure Pipelines, and recordings…
Tag: DZone Security Zone
Thoughts on Server-Sent Events, HTTP/2, and Envoy
In a distributed system, moving data efficiently between services is no small task. It can be especially tricky for a frontend web application that relies on polling data from many backend services. I recently explored solutions to this problem for…
API Security Weekly: Issue #74
This week, we check out how Facebook’s OAuth implementation in their social login feature left the access tokens vulnerable. We also have some statistics and predictions on the rise of API security, and recordings of a couple of more API…
Difference Between Wildcard SSL and SAN SSL Certificates
Are you still unsure which multi-use SSL Certificate is best suited for your website? So here, we have come up with the difference between the Wildcard SSL and SAN SSL Certificate in greater detail so that it is easy to…
Tips for Achieving Network Security in a Timely Manner
The number of cyber threats faced by businesses and individual internet users seems to increase by the minute. As such, individuals and enterprises that treat cybersecurity as an afterthought are often prime targets for hackers, data thieves, and malware spreaders.…
Engineers Own Cloud Security and They Need Better Tools
Just about everyone agrees that the cloud is the biggest transformation in IT in decades, but you’ll hear many different reasons why. OpEx vs CapEx, no need to manage physical data centers, “agility”, and other buzzwords. But, the real reason…
Threat Hunting – A Cybersecurity Paradigm Shift
The internet has become a utility as essential as electricity and water for organizations worldwide. But it’s also an unparalleled security threat, an inviting doorway for global criminal networks. Malicious hackers still seem to have the upper hand even with…
Navigating Information Disclosure Requests With SpectX
In a world of compliance and disclosure requests, the ability to investigate raw log files whilst shutting out noise can not only be a time-saving maneuver in your process, but it can also reduce the risk of mistakes. The ability…
How to Easily Set Up Mutual TLS
Mastering Two-Way TLS This tutorial will walk you through the process of protecting your application with TLS authentication, only allowing access for certain users. This means that you can choose which users are allowed to call your application. This sample…
Develop a Secure CRUD Application Using Angular and Spring Boot
Angular has been around for quite some time. Angular JS, the original version, was one of the first JavaScript MVC frameworks to dominate the web landscape and gained a strong developer fan base in the early 2010s. It’s still going…
Easy OAuth 2.0 Single Sign-on in Java
Different applications need different permissions. Although you might have a single resource server providing data to multiple apps, it’s often the case that you don’t want all users of application A to access application B. In this tutorial, you’ll learn…
API Security Weekly: Issue #73
This week, we check how Tinder’s API vulnerability has developed a life of its own, the latest statistics from Akamai on API security, the best current practices for JWT, and why API security needs both API firewalls and API management,…
Spring Security — Chapter 1
Spring Security is a framework that provides authentication and authorization to Java applications. Authentication is used to confirm the identity of a user, and authorization checks the privileges and rights a user has that determine what resources and actions they…
8 VoIP Security Risks That Could Compromise Your Sensitive Data
Voice over Internet Protocol (VoIP) has become a staple for businesses and embraced by people looking for a cheaper alternative to traditional phone companies. It’s gone from being something techies used to becoming mainstream. It’s also become a target for…
How to Build a Business on Ethical Hacking
Big data continues to become essential to businesses while threats to that data are increasing at an alarming rate. It’s predicted that serious leaks can cost businesses an average of over a million dollars; this doesn’t include any revenue loss…
What Is Taint Analysis and Why Should I Care?
He covered a wet, hacking cough with his hand, then pushed through the door of the ward. I reached the same door and hesitated. The Cougher had just tainted the door with his germs. If I touched it, I’d be…
Enable SSO Authentication in WSO2 EI Using Okta
This post will show you how to enable SSO authentication in WSO2 Enterprise Integrator using Okta. For this tutorial, we are going to use WSO2 EI 6.5.0. It also requires us to have an Okta account; we can create one…
Avoiding Vulnerabilities in Software Development
With data breaches on the rise, creating and maintaining secure software is vital to every organization. Although not all attacks can be anticipated or prevented, many can be avoided by eliminating vulnerabilities in software. In this article, you’ll learn about…
What Is a Proxy Server and How Do Proxies Work?
You might have already heard about proxies and proxy servers. But if you aren’t entirely familiar with them, this article will help you catch up with this web technology and see all the benefits of using proxy servers. What Are…
Should a Blockchain Node Save All the Transaction Logs?
Introduction Blockchain is a technology that drives all the cryptocurrencies. In every one of them, a set of validator nodes are responsible for validating all the transactions. The validators are assumed to be rational and self-interested, i.e. they are only…
BlowFish, the Only Way to Secure Your Passwords
I work in ForEx, one of the largest markets in the world, averaging 5.1 trillion dollars worth of trades on a daily basis. My employer also happens to be one of the largest brokers in the world, and I am…
Resetting a Password Using Chroot
chroot has quite a unique history. The chroot system call was the first major step towards process-level virtualization, i.e. providing an isolated environment for a process (though only at the file system level). Virtualization is an enabler for cloud computing. You can read more about chroot here. Let’s…
CAP Is Not the Whole Story: Introducing Trust and Blockchain
The CAP theorem asserts that in any distributed data store only two out of three guarantees can be provided regarding consistency, availability, and partition tolerance. But what about trust? In commercial systems on the internet partition tolerance can never be…
Which Cryptocurrencies Will Survive in 2019?
2018 was a tough year for the whole cryptocurrency industry. The key players experienced their record highs and lows; struggled in the bearish market; and suffered from hacks and forks. The market ended up with a significant fall in crypto prices and…
The Truth About Cybersecurity Project Management
Whether you’re moving your company’s repository to the cloud or updating an IT infrastructure, securing data from sneaky malware attacks is crucial. According to a report on cybercrime by Accenture, the number of security breaches faced by businesses has increased by…
Serverless Security Risks and How to Mitigate Them
Whether we are building a simple to-do list or a complex online banking platform, the security aspect of the application should always be one of our priorities. We should never deploy our application to production, hoping it will not…
5 Cybersecurity Scandals That Could’ve Been Easily Prevented
These days, cybersecurity breaches are a dime a dozen. The Binance hack, where more than $40 million worth of Bitcoin was stolen, is just the tip of the ever-growing iceberg. Just a week later, Whatsapp experienced a security breach…
Penetration Test Types for (REST) API Security Tests
Black Box, Grey Box, and White Box Pen Tests In my last article, we discussed penetration tests, or pen tests, the importance of pen tests, and how they help to find REST API vulnerabilities. This article gives a brief overview…
What Is SSL Offloading and How it Works
SSL (Secure Sockets Layer) certificates are given to a website to make sure that the website is secured and won’t fall prey to malicious hackers. Since this process places a heavy load on the web server, the process of SSL…
Four Ways to Keep Kubernetes’ Secrets Secret
We have talked a lot about the speed at which DevOps innovation has moved and how security has consistently struggled to catch up. Kubernetes is quickly putting this idea to shame and stretching security teams to their limit. In just five short…
Top 4 Cyber Security Trends to Watch Out For in 2020
Incidents of data breaches and theft are showing no signs of slowing down. According to Forbes, in the first half of 2019 alone, cybercriminals compromised the personal information of more than 4 billion users. As the world becomes more and…
Shifting Left Is Not Enough: Why Starting Left Is Your Key to Software Security Excellence
In a digitally-driven world, we are at an ever-increasing risk of data theft. With large organizations acting as the gatekeepers of our precious information, many are recognizing the need to implement stringent security standards. Much of the initiative around shifting…
Getting Started With Modern Application Security Automation
Every company faces a terrible dilemma — either turn the business into a software business and risk the potential catastrophic downside of getting hacked or refuse to engage in digital transformation and get put out of business by companies that…
The Future of Secure Programming
Recently, cybersecurity and Application Security (AppSec) have become two of the most publicized topics in news reports — and for a good reason. Since 2013, hackers have breached 3 billion Yahoo and 500 million Marriott user accounts and stolen the…
How JSON Web Token (JWT) Secures Your API
You’ve probably heard that JSON Web Token (JWT) is the current state-of-the-art technology for securing APIs. Like most security topics, it’s important to understand how it works (at least, somewhat) if you’re planning to use it. The problem is that…
Spring Boot REST Service Protected Using Keycloak Authorization Services
Keycloak is an open-source Identity and Access Management (IAM) solution aimed at modern applications and services. Keycloak provides out-of-the-box authentication and authorization services as well as advanced features like User Federation, Identity Brokering, and Social Login. Keycloak provides fine-grained authorization…
Hyperledger vs. Ethereum: Which Will Benefit Your Business?
Initially, cryptocurrency markets started out on a slow incline, but this year, in the first week of April, Bitcoin (BTC) and Ethereum demonstrated new momentum with a 20 percent gain in investment ratio. “This is a time of great opportunity”…
What Is a JWT Token?
A JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed.…
How to Get Instant Java Web Security Vulnerability Alerts in GitHub
If you’re building Java web applications or Java Web APIs and you want to do your own security testing, wouldn’t you rather not run a scanner and wait forever for a PDF report full of false positives? And wouldn’t…
Security — What if We All Speak to Each Other?
There are many books and articles on how a project must be led. In the Agile Zone, you’ll find many articles related to how to handle projects, organization, teams, products, etc. But, there is a subject that is often poorly…
Generating a Trusted SSL Certificate (Node Example)
An SSL Certificate is a file that helps browsers recognize that a domain name belongs to a server owner (as well as its information, like name, location, company, etc.). So, if you host your website without certificates, browsers will show…
Publication Release: DevSecOps Trend Report
For years, security has been an afterthought — functionality that developers and product managers often address at the last minute, right before a build is about to ship. For some individuals and teams, this practice stems from a reactive approach…
ISP Selling Data: Why You Should Actually Care
Unbeknownst to you, there’s a good possibility that your Internet Service Provider (ISP) regularly sells your data to boost their profits. Since the US Congress voted to roll back the FCC protections against the practice, American ISPs now have the…
2020: It’s Time to “Walk the Walk” When it Comes to Software Security
2019 demonstrated that the adoption rate of consumer IoT devices continues to increase. From new doorbells with cameras that connect to smartphones, to advanced TVs and refrigerators that are making the smart home a reality, consumers have access to more connected…
How Security Keeps Up When Developers Drive Open-Source
Open source is transforming software development. No longer do individual businesses need to purchase or build everything they need in-house. Instead, they can rely on a modern, interdependent ecosystem in which developers work together on mutually beneficial projects. This way, a single…
Special Cases Are a Code Smell
A Warning Sign Los Angeles is famous for its complicated parking signs: They’re totems of rules and exceptions, and exceptions to the exceptions. Often, when we code, we forget a lesson that’s obvious in these preposterous signs: Humans…
DevSecOps, SecDevOps, or RainbowMonkeyUnicornPony? [Interview with DJ Schleen]
While DevOps is forging boldly into the future, security is still trailing behind in many organizations. So, it’s important that we understand how to apply notions of (traditionally static) security into environments that are built to foster continuous development. I,…
Multi-tenancy authentication through Kong API Gateway
The API Gateway pattern implements a service that’s the entry point into a microservices-based application from external API clients or consumers. It is responsible for request routing, API composition, and other edge functions, such as authentication. When working with a microservices…
Develop for Safety and Protect User Privacy through Geofencing
Do you allow your spouse or partner to track your location? Your parents? Your extended relatives? Your friends? Hyperconnectivity has lent a sense of normalcy to the concept of sharing locations with multiple applications and people with varying degrees of…
How SMC Allows You to Perform Advanced Data Collaboration Without Exposing Your Data
Data collaboration is the process of combining datasets together to generate new value from data-driven insights. The datasets being combined can come from different organizations, or they can come from data silos internal to an organization. A number of use…
Top Secrets Management Tools Compared
As apps become more complex in the way they use microservices, managing API keys and other secrets becomes more challenging as well. Microservices running in containers need to transfer secrets to allow them to communicate with each other. Each of…
HTTP and Scalable Software Systems
If you think about the World Wide Web, it’s easy to imagine it as a single software system. Once you do, you realize it’s the largest software system the world has ever created — probably by hundreds of orders of…
Public Key Cryptography – The Puzzle of Private and Public Keys
Whenever we disclose any of our private information (or any type of info that might hamper our lives if it gets into the wrong hands) to an authority online, we always have second thoughts about how communication networks work and…
7 Crucial Questions About Quantum Computing and Cybersecurity
What Is Quantum Computing? Quantum computers take advantage of the very nature of quantum physics to create an entirely new computing paradigm, unlike the traditional 0/1 gated computers we have been using since the 1960s. Instead, they run on quantum…
Why Use Smart Contracts to Build Blockchain Applications?
One of the most crucial features of Blockchain Technology is its decentralized nature. This means that the information is shared by all the parties on the network. Hence, it eliminates the need for middlemen or intermediaries to facilitate operations. This…
How Bitcoin Processing Units Are Being Used For Mining Digital Currency
It’s a famous fact that bitcoin mining hardware has changed by leaps and bounds lately due to the growth of new central processing units in the marketplace. The new machines may conduct Bitcoin processing at a faster rate when compared…
Top Free Security Testing Tools
Sometimes considered hard to automate, security testing lacks the resources and tools that would make it simple to learn. We have found many testers unaware of the free and open source security testing tools that are available to…
We Trust Blockchain Says the Card Payment Industry – But Why Still the Struggle
Eliminate the middleman to boost security! A promise made by blockchain is already nailing the card payment industry. Ever since the emergence of Bitcoin in 2009, the number of blockchain wallets increased to approximately 42 million users in September end…
Open Policy Agent, Part III – Integrating With Your Application
In the previous entry in this series, we discussed developing policies with Open Policy Agent. In this final article, we are going to focus on how you can integrate Open Policy Agent with your application. Integrating OPA With Your Application There…