Tag: DZone Security Zone

In a world where innovation and productivity are paramount, the rise of Shadow IT has become an unavoidable reality for many organizations. A recent survey by Next DLP revealed a startling statistic: 73% of security professionals admitted to using unauthorized…

Read more →

AI is revolutionizing how Software-as-a-Service (SaaS) applications work, making them more efficient and automated than ever before. However, this rapid progress has opened up a Pandora’s box of new security threats. From the sly manipulation of data to the gradual…

Read more →

Effective security requires a shared responsibility model. Developers are already overburdened with their primary tasks of writing code and delivering features, and we think it is not realistic to expect them to know everything about security, be responsible for triaging…

Read more →

In the interconnected world of today, APIs (Application Programming Interface) are the invisible bridges that let applications talk to one another. But to those that with great power, there must also come great responsibility! They need to be able to…

Read more →

Imagine this: You are days away from a release, and your Python codebase is versioned, tagged, and marked as a Release Candidate. Hours from the release, out of nowhere appears a BUG! You set up a War Room, dig through…

Read more →

Imagine this: You are days away from a release, and your Python codebase is versioned, tagged, and marked as a Release Candidate. Hours from the release, out of nowhere appears a BUG! You set up a War Room, dig through…

Read more →

The Hidden Threats in Large Language Models A backdoor attack in the context of large language models (LLMs) refers to a type of malicious activity where an adversary intentionally inserts hidden triggers into the model during its training phase. These…

Read more →

Delivering secure application services free from exposed vulnerabilities — without imposing overbearing authentication controls that frustrate users, or draconian code review requirements that inhibit developer innovation — is a challenge as old as the internet itself.  Organizations naturally prioritize building…

Read more →

Over the last decade, the eBPF open-source project quietly laid the groundwork for major evolutionary gains in Linux subsystems and how they keep pace with the new world of microservices and distributed applications. Today, that foundation has made possible eBPF…

Read more →

Golden Amazon Machine Images (AMIs) are the foundation for launching consistent and efficient instances in your AWS cloud environment. Ensuring their security and immutability is paramount. This guide delves into how Software Bill of Materials (SBOMs), cryptographic signing, and runtime…

Read more →

In an era where digital transformation is rapidly advancing, the importance of cybersecurity cannot be overstated. One of the essential aspects of maintaining robust security is penetration testing, commonly known as pentesting. This guide aims to provide beginners with a…

Read more →

Recently in one of my projects, there was a requirement to create JWT within the MuleSoft application and send that as an OAuth token to the backend for authentication. After doing some research, I got to know several ways to…

Read more →

What Is the regreSSHion Vulnerability (CVE-2024-6387)? regreSSHion is a newly discovered vulnerability in OpenSSH that affects glibc-based Linux systems. regreSSHion (CVE-2024-6387) may allow arbitrary code execution with root privileges on systems with default configurations. Why Is Everyone Worried About the…

Read more →

Zero-day threats are becoming more dangerous than ever. Recently, bad actors have taken over the TikTok accounts of celebrities and brands through a zero-day hack. In late May to early June, reports of high-profile TikTok users losing control over their…

Read more →

Deploying microservices in a Kubernetes cluster is critical in 5G Telecom. However, it also introduces significant security risks. While firewall rules and proxies provide initial security, the default communication mechanisms within Kubernetes, such as unencrypted network traffic and lack of…

Read more →

In 2024, GitGuardian released the State of Secrets Sprawl report. The findings speak for themselves; with over 12.7 million secrets detected in GitHub public repos, it is clear that hard-coded plaintext credentials are a serious problem. Worse yet, it is a…

Read more →

Today’s network infrastructure is rapidly changing with the adoption of hybrid and multi-cloud architectures to leverage the benefits of flexibility, scalability, and redundancy. These advantages come with their own set of challenges, particularly in securing access to resources and users spread…

Read more →

The world of online security may seem complex, but understanding the basics of how SSL certificates work and why HTTPS is essential can empower you to make safer choices online. Just like Jane, you can navigate the digital landscape with…

Read more →

The use of Blockchain technology is growing rapidly. The creation of decentralized applications is rising. The issues that need solving include cross-chain interoperability. It lets dApps easily connect and work with different blockchains. Improvement of the dApps is also needed.…

Read more →

In the fast-changing world of tech, companies must get their apps out quickly but can’t forget to keep them safe. Gone are the days when security checks happened only after making the app. Now, there’s an intelligent way called DevSecOps…

Read more →