In today’s increasingly digital world, securing your applications has become paramount. As developers, we must ensure that our applications are protected from unauthorized access and malicious attacks. One popular solution for securing Java applications is Spring Security, a comprehensive and…
Tag: DZone Security Zone
What Is Privacy by Design?
Privacy by Design (PbD) is an approach to systems engineering that aims to embed privacy into every stage of the development process and across the entire organization from day one. Privacy is too often overlooked or solely an afterthought. Policies…
Researcher Finds GitHub Admin Credentials of Car Company Thanks to Misconfiguration
On August 21, 2023, security researcher and HackerOne Advisory Board Member Corben Leo announced on social media that he had “hacked a car company” and went on to post a thread explaining how he “gained access to hundreds of their codebases.”…
The Promise of Personal Data for Better Living
Emerging technologies are unlocking new possibilities for gathering and leveraging data from personal devices to provide highly customized and contextualized user experiences. As Dr. Poppy Crum, CTO and neuroscientist, highlighted in her Technology and Human Evolution presentation at TIBCO Next,…
Fortifying the Cloud: A Look at AWS Shield’s Scalable DDoS Protection
As businesses shift operations to the cloud, robust security is crucial. DDoS attacks pose significant threats to cloud-based services, aiming to disrupt infrastructure and cause downtime and financial losses. AWS Shield from Amazon Web Services provides comprehensive DDoS protection, fortifying…
New Free Tool From Contrast Security Makes API Security Testing Fast and Easy
Developing secure APIs is crucial, but testing them thoroughly can be time-consuming and difficult without the right tools. A new offering called CodeSec from application security provider Contrast Security aims to make robust API security testing quick, accurate, and accessible…
Gradle Version Catalogs on Android
Gradle version catalogs allow us to add and maintain dependencies in an easy and scalable way. Apps grow, and managing projects with several development teams increases the compilation time. One potential solution to address this issue involves segmenting the project…
Spring Authentication With MetaMask
When choosing a user authentication method for your application, you usually have several options: develop your own system for identification, authentication, and authorization, or use a ready-made solution. A ready-made solution means that the user already has an account on…
The Role of Threat Modeling in Software Development: A Cybersecurity Perspective
In today’s digitally interconnected world, software plays an integral role in our daily lives. From online banking and e-commerce to healthcare and transportation, software applications are at the heart of our technological infrastructure. However, with the increasing reliance on software,…
Why GraphQL API Security Is Unique
Enterprise security teams have had since 2015 to familiarize themselves with GraphQL API security. But many — if not most — still haven’t captured the security nuances of the popular open-source query language. Simply understanding GraphQL’s processes and vulnerable attack…
Unpacking the New National Cybersecurity Strategy: Key Takeaways for Developers and Security Experts
At Black Hat 2023, Kemba Walden, Acting National Cyber Director at the White House, outlined a new national cybersecurity strategy aimed at strengthening defenses through workforce development and technology initiatives. For developers and technology professionals, this strategy has major implications,…
Making Life Easier for Developers: How Fastly’s Edge Cloud Platform Simplifies App Security for Developers
In the constant struggle between security and agility, developers often draw the short straw. Tasked with rapidly building and deploying code, engineers get bogged down handling security incidents or remediating vulnerabilities. The friction between creating quickly and creating securely slows…
The Top Cybersecurity Risks in Agile Software Development
Agile software development has transformed how software is created and delivered. It fosters collaboration, flexibility, and quick development cycles, making it appealing to many teams. However, Agile’s numerous advantages come with specific cybersecurity risks that developers must address. In this…
A Comprehensive Approach To Enhancing IoT Security With Artificial Intelligence
In today’s interconnected society, the Internet of Things (IoT) has seamlessly integrated itself into our daily lives. From smart homes to industrial automation, the number of IoT devices continues to grow exponentially. However, along with these advancements comes the need…
Protect Your Keys: Lessons from the Azure Key Breach
On July 11, 2023, Microsoft released details of a coordinated attack from threat actors, identified as Storm-0558. This state-sponsored espionage group infiltrated email systems in an effort to collect information from targets such as the U.S. State and Commerce Departments.…
JWT Token Revocation: Centralized Control vs. Distributed Kafka Handling
Tokens are essential for secure digital access, but what if you need to revoke them? Despite our best efforts, there are times when tokens can be compromised. This may occur due to coding errors, accidental logging, zero-day vulnerabilities, and other…
Identity and Access Management Best Practices
Identity and access management (IAM) is fundamental to modern cybersecurity and operational efficiency. It allows organizations to secure their data, comply with regulations, improve user productivity, and build a strong foundation for trustworthy and successful business operations. A robust IAM…
Best Practices To Secure Data Transmission
In today’s interconnected global marketplace, secure data transmission is more crucial than ever. As digital platforms become increasingly important for financial transactions and personal communications, ensuring the integrity and confidentiality of data is vital. If someone gets unauthorized access to…
Implementing Zero-Trust in Enterprise Environments
In the face of ever-changing threats and complex infrastructures, the zero-trust architecture represents an important transformation in our understanding and implementation of security. This innovative approach promises not only increased protection but also increased adaptability and efficiency in infrastructure management.…
Understanding Google Analytics 4, Server-Side Tracking, and GDPR Compliance
In today’s digital landscape, data privacy and accurate analytics are paramount for businesses striving to make informed decisions. Google Analytics 4 (GA4) brings a new dimension to data privacy and tracking methods, including cookie-less tracking and server-side tracking. Growing worries…