APIs have emerged as the cement of the contemporary application. APIs are at the heart of the movement of data, and the interaction of systems, whether in the form of mobile apps and web frontends or microservices and third-party integrations.…
Tag: DZone Security Zone
JWT Policy Enforcement, Rate Limiting, IP White Listing: Using Mulesoft, API Security, Cloudhub 2.0
This tutorial is all about implementing JWT Policy Enforcement in API Manager using a sample RAML-based project. It’s especially helpful when applying policies through the API Manager in the Anypoint Platform. Along the way, you’ll also learn how to secure…
Compliance Automated Standard Solution (COMPASS), Part 9: Taking OSCAL-Compass to Industry Complexity Level
(Note: A list of links for all articles in this series can be found at the conclusion of this article.) In parts 2 and 3 of this blog series, we introduced the open-source Trestle SDK, which implements the NIST…
Why Developers Should Pay Attention to Internal Directory Security
Most developers don’t start their day thinking, “Is our internal directory secure?” They’ve got builds to run, bugs to squash, maybe a pull request or five to review. But internal directories (like Active Directory or Azure AD) aren’t just a…
Self-Managed Keycloak for App Connect Dashboard and Designer Authoring
With the release of the IBM® App Connect Operator version 12.1.0, you can now use your existing Keycloak instance to configure authentication and authorization for App Connect Dashboard and Designer Authoring. Building on top of the capability to use Keycloak,…
What Developers Need to Know About IP API Privacy in Mobile Apps (2025 Update)
In 2025, mobile applications are smarter, faster, and increasingly location-aware. From e-commerce personalization to regional compliance, knowing where a user is located adds critical context to the user experience. While GPS provides the most accurate location data, it isn’t always…
Set Up OpenID Connect With Keycloak: A Step-by-Step Guide
In this blog, you will learn how to set up the OpenID Connect Authorization Code Flow using Keycloak. You will execute the flow yourself in order to get a better understanding of OIDC. Enjoy! Introduction Adding security to your application…
Bring Your Own Feed (BYOF): An Engineer’s Guide to Effective Threat Intelligence
As software continues to eat the world, and AI becomes a force multiplier for attackers, those of us tasked with defending our systems have to be more focused, deliberate, and proactive in our approaches. We have to rise up to…
The Developer’s Guide to Cloud Security Career Opportunities
Your organization’s entire infrastructure moved to the cloud last year, but your security team is still thinking like it’s 2015. They’re applying traditional network security controls to cloud environments, creating bottlenecks that slow down your deployments and leave massive security…
Federated Identity: The Modern Approach to Cloud Security and Automation
In the rapidly evolving landscape of cloud automation and multi-cloud strategies, the secure handling of sensitive data, particularly credentials, has emerged as a paramount concern. Traditional methods of storing long-lived credentials, whether in configuration files, CI/CD pipelines, or dedicated secret…
Building Secure Transaction APIs for Modern Fintech Systems Using GitHub Copilot
GitHub Copilot is not just a new tool anymore; it is becoming a code productivity accelerator. In regulated industries like fintech, where speed must match uncompromising security standards, AI-assisted coding can shift the developer workflow from reactive to proactive. In…
Why Most IaC Strategies Still Fail (And How to Fix Them)
Infrastructure as Code (IaC) was supposed to solve the chaos of cloud operations. It promised visibility, governance, and the ability to scale infrastructure with confidence. But for many teams, the reality is far from ideal. Instead of clarity and control,…
AI-Driven Threat Hunting: Catching Zero-Day Exploits Before They Strike
Picture this: you’re a cybersecurity pro up against an invisible enemy. Hidden in your network are zero-day exploits, which represent unknown vulnerabilities that await their moment to strike. The time you spend examining logs becomes pointless because the attack might…
Implementing Secure Multi-Tenancy in SaaS Applications: A Developer’s Checklist
Secure Multi-Tenancy Implementation Guide As a developer who has worked extensively with SaaS applications, I’ve learned that implementing secure multi-tenancy is one of the most critical aspects of building scalable software-as-a-service platforms. Through my experience, I’ve compiled this comprehensive checklist…
Unity Catalog + AI: How Databricks Is Making Data Governance AI-Native in 2025
The intersection of artificial intelligence and data governance has reached a defining moment in 2025, and Databricks is taking the lead here. As AI technologies and enterprise data ecosystems evolve rapidly, and the ecosystems themselves become more complex, traditional…
Secure Microservices in Java: Cloud-Native Design With Zero Trust Architecture
Microservices enable modern application architecture in today’s fast-changing digital world. They break apps into smaller, deployable services, and this accelerates development, improves scalability, and increases flexibility. Cloud computing’s capabilities for distributed systems and containerized settings make this step vital, contributing…
Why Data Privacy Without Context Will No Longer Work in 2026
The comfort zone of anonymization is breaking. For years, enterprises have limited their privacy goals to surface-level anonymization techniques. Techniques such as PII masking, which obfuscates identifiers, and others are often assumed to ensure compliance even without thorough execution. And…
Building a Modern Data Platform That Delivers Real Business Value
Data modernization is a strategic endeavor that transforms the way organizations harness data for value creation. It involves adopting innovative approaches in terms of accessibility, governance, operations, and technology, typically centered around modern cloud architectures. This transformation is not limited…
Implementing Least Privilege in AWS IAM: Principles, Practices, and Automation
The principle of least privilege is fundamental to securing cloud environments by ensuring that identities have only the permissions necessary to perform their tasks. In AWS Identity and Access Management (IAM), sticking to the principle of least privilege is one…
Lock-Free Programming: From Primitives to Working Structures
Working with multiple threads is one of the most complex problems we may encounter in our daily work. When put against the wall of multithreading, most people right away reach out for blocking approaches. In Java, it takes the form…