Tag: DZone Security Zone

Attackers only really care about two aspects of a leaked secret: does it still work, and what privileges it grants once they are in. One of the takeaways from GitGuardian’s 2025 State of Secrets Sprawl Report was that the majority…

Read more →

Done well, knowledge base integrations enable AI agents to deliver specific, context-rich answers without forcing employees to dig through endless folders. Done poorly, they introduce security gaps and permissioning mistakes that erode trust. The challenge for software developers building these…

Read more →

You think you know your SDLC like the back of your carpal-tunnel-riddled hand: You’ve got your gates, your reviews, your carefully orchestrated dance of code commits and deployment pipelines.  But here’s a plot twist straight out of your auntie’s favorite…

Read more →

In multi-user environments with high-security requirements, robust permission controls are fundamental for resource isolation. Linux’s file permission model provides a flexible access control mechanism, ensuring system security through user/group permission settings. For distributed file systems supporting Linux, compliance with this…

Read more →

Series Overview This article is Part 4 of a multi-part series: “Development of system configuration management.” The complete series: This article has been indexed from DZone Security Zone Read the original article: Development of System Configuration Management: Summary and Reflections

Read more →

Enterprise data solutions are growing across data warehouses, data lakes, data lakehouse, and hybrid platforms in cloud services. As the data grows exponentially across these services, it’s the data practitioners’ responsibility to secure the environment with secure guardrails and privacy…

Read more →

Series Overview This article is Part 3 of a multi-part series: “Development of system configuration management.” The complete series: This article has been indexed from DZone Security Zone Read the original article: Development of System Configuration Management: Performance Considerations

Read more →

We’ve normalized multi-factor authentication (MFA) for human users. In any secure environment, we expect login workflows to require more than just a password — something you know, something you have, and sometimes something you are. This layered approach is now…

Read more →

Ransomware remains one of the biggest threats to individuals and corporations, primarily because cybercriminals relentlessly look for loopholes. With traditional measures struggling to keep pace with cyber threats, the shift to artificial intelligence (AI) and machine learning (ML) can be…

Read more →

Privacy-preserving techniques are keeping your data safe in the age of AI. In particular, federated learning (FL) keeps data local, while differential privacy (DP) strengthens individual privacy. In this article, we will discuss challenges associated with this, practical tools, and…

Read more →

With the increasing use of Open GPTs in industries such as finance, healthcare, and software development, security concerns are growing. Unlike proprietary models, open-source GPTs allow greater customization but also expose organizations to various security vulnerabilities. This analysis explores real-world…

Read more →

Have you heard of the new OWASP Top 10 for Large Language Model (LLM) Applications? If not, you’re not alone. OWASP is famous for its “Top 10” lists addressing security pitfalls in web and mobile apps, but few realize they’ve…

Read more →

The Open Worldwide Application Security Project, OWASP, has just released its top 10 non-human identities risks for 2025. While other OWASP resources broadly address application and API security, none focus specifically on the unique challenges of NHIs. This new document…

Read more →

Any modern application is centered around APIs. They drive mobile applications, link business systems, and deliver new digital experiences. However, the convenience has its own risks — attackers often use APIs to break into systems. Basic security steps like authentication…

Read more →

Traditional authentication methods — passwords, centralized databases, and third-party identity providers — are plagued by security breaches, identity theft, and data privacy concerns. Blockchain-based authentication offers a decentralized, tamper-proof, and more secure alternative.   In this deep dive, we’ll explore:…

Read more →

Would you rather have determined that you are in fact secure, or are you willing to accept that you are “probably” doing things securely? This might seem like a silly question on the surface, after all, audits don’t work on…

Read more →

In this blog, we will take a closer look at Spring Security, specifically in combination with Keycloak using OpenID Connect, all supported with examples and unit tests. Enjoy! Introduction Many applications are supported by means of authentication and authorization. However,…

Read more →

Series reminder: This series explores how explainability in AI helps build trust, ensure accountability, and align with real-world needs, from foundational principles to practical use cases. Previously, in Part VII: SHAP: Bringing Clarity to Financial Decision-Making. This article has been indexed from…

Read more →

Enterprise cloud architecture demands sophisticated orchestration of infrastructure, configuration, and workload management across diverse computing platforms. The traditional approach of manual provisioning and siloed tool adoption has become a bottleneck for organizations seeking cloud-native agility while maintaining operational excellence. This…

Read more →

In the previous articles of this series, we explored the importance of data governance in managing enterprise data effectively (Part 1), how BigID supports data governance, particularly for data privacy, security, and classification (Part 2), and the role of Data…

Read more →