Tag: DZone Security Zone

Walk into any tech conference today, and you’ll hear buzzwords flying: AI this, blockchain that. But ask anyone about the actual architecture required to integrate these technologies, and you’ll mostly get hand-waving. That’s because while everyone talks about the potential…

Read more →

As cyberthreats dominate the news headlines day after day, it is important for large multinational organizations and nonprofits to take immediate notice of such events. Nonprofits often work under stark resource constraints, such as minimal IT staff and limited access…

Read more →

The call came at 2:47 AM on a Tuesday in October 2024. I’d been following API security incidents for fifteen years, but this one made my coffee go cold as the CISO walked me through what happened. Their fintech had…

Read more →

Defects are an unavoidable part of software development. But when they slip into production and reach your customers, the consequences go beyond poor user experience — they can damage your brand’s credibility. That’s why every defect must be logged and…

Read more →

With the rapid adoption of cloud technologies, organizations are rushing to migrate their workloads and data to the cloud — often at a breakneck pace. Cyber hackers are not far behind in this race. On-premises systems are no longer the…

Read more →

In an increasingly globally connected world, nonprofit organizations are as much at risk and vulnerable to cyber threats as large multinational corporations, if not more so. To keep cyber threats at bay, traditional security models have often relied on devices…

Read more →

User Entity Behavior Analysis (UEBA) is a security layer that uses machine learning and analytics to detect threats by analyzing patterns in user and entity behavior. Here’s an oversimplified example of UEBA: suppose you live in Chicago. You’ve lived there…

Read more →

AI has long progressed past statistical models that generate forecasts or probabilities. The next generation of AI systems is agents, autonomous cloud-native systems capable of acting and intervening in an environment without human intervention or approval. Agents can provision infrastructure,…

Read more →

Securing modern CI/CD pipelines has become significantly more challenging as teams adopt cloud-native architectures and accelerate their release cycles. Attackers now target build systems, deployment workflows, and the open-source components organizations rely on every day. This tutorial provides a practical…

Read more →

In a world where attackers routinely scan public repositories for leaked credentials, secrets in source code represent a high-value target. But even with the growth of secret detection tools, many valid secrets still go unnoticed. It’s not because the secrets…

Read more →

The rapid evolution of digital ecosystems has placed test automation at the center of quality assurance for modern software. But as systems grow increasingly distributed, data-sensitive, and security-driven, traditional automation approaches struggle to maintain transparency, consistency, and trust. This is…

Read more →

Introduction: Why Supply Chain and Network Security Matter Now In 2021, the Log4Shell vulnerability exposed a critical weakness in modern software: we don’t know what’s inside our containers. A single vulnerable library (log4j) in thousands of applications created a global…

Read more →

Container images are the key components of the software supply chain. If they are vulnerable, the whole chain is at risk. This is why container image security should be at the core of any Secure Software Development Lifecycle (SSDLC) program.…

Read more →

Editor’s Note: The following is an article written for and published in DZone’s 2025 Trend Report, Database Systems: Fusing Transactional Speed and Analytical Insight in Modern Data Ecosystems. Modern databases face a fundamental paradox: They have never been more accessible, yet…

Read more →

I’ve spent the better part of two decades watching companies learn hard lessons about security. But nothing prepared me for what I saw unfold in 2024. It started in May. Dell disclosed that attackers had exploited a partner portal API…

Read more →

The Reproducibility Problem Software teams consistently underestimate reproducibility until builds fail inconsistently, environments drift, and install scripts become unmaintainable. In enterprise contexts, these failures translate directly into lost time, higher costs, and eroded trust. Complex install scripts promise flexibility but…

Read more →

I used to settle for Docker images that were massive, sometimes in GBs. I realized that every megabyte matters, impacting everything from deployment speed and cloud costs to security. With time, I realize there are well-known best practices and advanced…

Read more →

Cybersecurity now requires more than just perimeter defences. As you adopt microservices, hybrid workloads, and AI pipelines on Google Cloud, identity becomes your new perimeter. Zero Trust means never trust and always verify. It is no longer optional but essential.…

Read more →

Phishing is no longer an easy-to-detect cyberattack. With the rise of artificial intelligence, attackers now launch AI-driven phishing campaigns to mimic human behavior. They can now generate flawless emails and use deepfake phishing attacks. Email security threats are more prominent…

Read more →

OWASP dropped its 2025 Top 10 on November 6th with a brand-new category nobody saw coming: “Mishandling of Exceptional Conditions” (A10). I spent a weekend building a scanner to detect these issues and immediately found authentication bypasses in three different…

Read more →