Tag: DZone Security Zone

Working with multiple threads is one of the most complex problems we may encounter in our daily work. When put against the wall of multithreading, most people right away reach out for blocking approaches. In Java, it takes the form…

Read more →

Editor’s Note: The following is an article written for and published in DZone’s 2025 Trend Report, Software Supply Chain Security: Enhancing Trust and Resilience Across the Software Development Lifecycle. High-profile software supply chain attacks like SolarWinds, Log4j, and MOVEit highlight the…

Read more →

Are you looking for a way to expose your containerized applications to the internet without breaking compliance with IBM Cloud for Financial Services? This guide walks through how to do just that. It shows how to securely expose your apps…

Read more →

Picture this: you’re a cybersecurity pro up against an invisible enemy. Hidden in your network are zero-day exploits, which represent unknown vulnerabilities that await their moment to strike. The time you spend examining logs becomes pointless because the attack might…

Read more →

In multi-tenant systems—whether you’re managing an API gateway, identity platform, or SaaS product—access control is essential. Two of the most widely used tools for managing that access are allowlists and denylists. These mechanisms define who or what is permitted or rejected,…

Read more →

Editor’s Note: The following is an article written for and published in DZone’s 2025 Trend Report, Software Supply Chain Security: Enhancing Trust and Resilience Across the Software Development Lifecycle. The software supply chain has rapidly evolved into a critical vulnerability point…

Read more →

API management has emerged as a critical and strategic factor in staying ahead of the market leaders. However, digital transformation has significant disadvantages, such as opening the door to hackers.  Hackers have been quick to take advantage of a serious…

Read more →

Applications related to the web enable business, e-commerce, and user interactions to be the backbones of the e-world of a more and more digital world. In this growth, there is one thing that has gone up, and that is web…

Read more →

Editor’s Note: The following is an article written for and published in DZone’s 2025 Trend Report, Software Supply Chain Security: Enhancing Trust and Resilience Across the Software Development Lifecycle. In today’s software landscape, the supply chain has grown from a controlled…

Read more →

Web development in 2025 has evolved at an incredible pace. We’ve gone from clunky monoliths to sleek, scalable apps powered by frameworks like Next.js, which millions of developers now rely on for building modern, server-rendered React applications. But as our…

Read more →

(Note: A list of links for all articles in this series can be found at the conclusion of this article.) In the last two blog posts of this multi-part series on continuous compliance, we presented Compliance Policy Administration Centers (CPAC)…

Read more →

Editor’s Note: The following is an article written for and published in DZone’s 2025 Trend Report, Software Supply Chain Security: Enhancing Trust and Resilience Across the Software Development Lifecycle. The goal of DevOps and DevSecOps — and whatever future contractions come…

Read more →

Modern CI/CD pipelines are essential for rapid and reliable software delivery. But as pipelines automate more stages of the development lifecycle—from code validation to production deployment—they have also become a major target for exploitation. Traditional pipelines often operate on broad…

Read more →

SSL/TLS certificates are foundational to secure communications on the internet. However, Windows environments present unique challenges that go beyond basic certificate installation and troubleshooting.  If you’re already familiar with SSL fundamentals, you’ll want to know how to handle complex certificate…

Read more →

Look, I’ve been in cybersecurity for over a decade, and I’m tired of seeing the same preventable disasters over and over again. Cloud security breaches aren’t happening because of some sophisticated nation-state actor using a zero-day exploit. They’re happening because…

Read more →

Cloud platforms have become prime targets for ransomware and malware attacks, which can paralyze businesses by encrypting data or exfiltrating sensitive information. Traditional security tools such as signature-based antivirus and rule-based systems often struggle to detect advanced threats that mutate…

Read more →

Speed kills. In software development, that axiom has never been more literal. DevOps pipelines surge through modern enterprises like digital bloodstreams — pumping code, configurations, and deployments at breakneck velocity. Continuous integration and continuous delivery are the promises of rapid…

Read more →

It’s no secret that technology is evolving much faster than our traditional Identity and Access Management systems can handle. These legacy systems were designed for simpler times, when everything was hosted locally and security was perimeter-based. So, in an era…

Read more →

Emerging technologies like homomorphic encryption and zero-knowledge proofs can definitely help organizations approach zero-trace personal data anonymization. These and similar techniques can bring datasets to a near-zero-trace status, even achieving it in limited cases. There’s a major force that’s acting…

Read more →

Recently, I explored how the Model Context Protocol (MCP) is gaining traction in the Java ecosystem, with frameworks like Spring AI, Quarkus, and LangChain4j starting to adopt it for integrating language models via standardized interfaces. It was also time to…

Read more →