Tag: DZone Security Zone

Security continues to be one of the most important aspects of web3. As a developer, you should be securing your smart contracts by ensuring that testing — specifically a wide variety of testing — is integrated into your smart contract…

Read more →

When exposing an application to the outside world, consider a Reverse-Proxy or an API Gateway to protect it from attacks. Rate limiting comes to mind first, but it shouldn’t stop there. We can factor many features in the API Gateway…

Read more →

Infrastructure as Code (IaC) has emerged as a pivotal practice in modern software development, enabling teams to manage infrastructure resources efficiently and consistently through code. This analysis provides an overview of Infrastructure as Code and its significance in cloud computing…

Read more →

Increasing adoption of SaaS Applications and Web Based solutions created a demand for data and resource sharing. Cloud computing provides a combination of infrastructure, platforms, data storage, and software as services. It has replaced grid computing over the years and…

Read more →

Many companies strive to adopt the DevOps approach for software development and delivery. Alongside this, they face increasing security challenges, leading to the implementation of new innovative software development methods. The need for security in the software deployment process is…

Read more →

Cybersecurity threats are real, and with the enhanced proliferation of digitization in the business landscape today, websites have become an integral part of business communication with customers and partners. Therefore, companies look for new and secure ways to protect their…

Read more →

We all want to deliver quality experiences to our customers. Before we can ensure a quality experience for our customers, it is essential to establish a clear definition of quality specific to the product we are developing. Once established, embracing…

Read more →

In the video below, we will cover real-life considerations when working with dependencies in Java: How to find and trust the right dependencies How to consistently keep them updated How to protect against vulnerabilities How to handle team backlash against…

Read more →

A robust digital presence is essential in today’s business landscape. Web development evolves constantly with new frameworks and libraries for dynamic web applications. These platforms connect with your audience and boost business productivity. Embracing these advancements is vital for success…

Read more →

In recent years, cloud computing has emerged as a game-changer for businesses of all sizes. The ability to store and access data and applications over the internet has revolutionized the way companies operate, enabling them to be more agile, efficient,…

Read more →

Welcome to the world of Javascript development, where building, testing, and deploying applications can be complex and time-consuming. As developers, we strive to automate these tasks as much as possible, and that’s where npm scripts come in. npm scripts are…

Read more →

In today’s data-driven world, Customer Data Platforms (CDPs) play a pivotal role in helping businesses harness and utilize customer data effectively.   These platforms consolidate data from various sources, providing valuable insights into customer behavior and preferences. They enable businesses to comprehensively understand their customers, facilitating targeted marketing…

Read more →

Consistently in the top rankings of the TIOBE index for the past two decades, and with a current TIOBE ranking of 4, Java has proved to be one of the most popular programming languages even after more than 25 years…

Read more →

In today’s constantly evolving digital landscape, staying ahead of the competition requires organizations to innovate continuously. Additionally, delivering high-quality software at an accelerated pace has become essential. This is where DevOps comes into play. DevOps, short for Development and Operations,…

Read more →

Software supply chain security is a threat area that was popularized by SolarWinds and Log4j. For the first time there was widespread awareness of how exploiting popular software artifacts (libraries, frameworks, etc.) can give hackers entry, where they can then…

Read more →

Platform teams are an integral part of an IT solution delivery organization.  Every IT organization has a way of structuring its platform team based on its context and multiple considerations, including alignment with the Development or Operations of other units,…

Read more →

With the ever-increasing amount and variety of data, constantly growing regulations and legislation requirements, new capabilities and techniques to process the data, to become a data-driven organization, CIBC goes through enormous changes in all aspects of leveraging, managing, and governing…

Read more →

On March 20th, 2023, OpenAI took down the popular generative AI tool ChatGPT for a few hours. It later admitted that the reason for the outage was a software supply chain vulnerability that originated in the open-source in-memory data store…

Read more →

The universe of web improvement has gone through a beautiful development since its initial days during the commencement of the web. The method involved with creating and overseeing sites and online applications has gone through astounding progressions, molding the computerized…

Read more →

There have been major advances made in the use of machine learning models in a variety of domains, including natural language processing, generative AI, and autonomous systems, to name just a few. On the other hand, as the complexity and…

Read more →

Choosing the right data solution for your business can be a challenging process because there’s a wide selection of them, and even the same data can be processed and packaged differently. I’m here to help you understand when you should…

Read more →

As businesses aim to provide personalized experiences to their customers, they are increasingly integrating connected IoT devices into their operations. However, as the IoT ecosystem expands, protecting data from malicious individuals who may try to access and misuse personal information…

Read more →

OpenTelemetry (OTel) is an open-source standard used in the collection, instrumentation, and export of telemetry data from distributed systems. As a framework widely adopted by SRE teams and security teams, OTel is more than just one nice-to-have tool among many;…

Read more →

Nowadays, most people take it as a fact that the software we use daily is secure, and that is not really representative of the reality we live in in the software industry. A lot of the software on the market…

Read more →

Running tests is the necessary evil. I have never heard two or more engineers at the water cooler talking about the joys of test execution. Don’t get me wrong, tests are great; you should definitely have plenty of them in…

Read more →

With the COVID-19 outbreak, the e-commerce industry experienced significant growth, as the demand for online sales increased exponentially. With the decrease in live sales, multiple organizations, which ignored the online world or just hadn’t prioritized this marketing and sales channel…

Read more →

In the dynamic environment of software development, effective management of dependencies between pull requests (PRs) is pivotal to enabling smooth collaboration and seamless code integration.  But let’s face it, juggling dependencies manually can be a real challenge! This article has…

Read more →

If you work in software development, or indeed within any sector of the technology industry, you will have undoubtedly been part of discussions about, read headlines on, or even trialed a platform for generative artificial intelligence (AI). Put simply, this…

Read more →

The hype around blockchain technologies may have quieted, but the builders are still building. The toughest technical problems that kept blockchain from mass adoption over the past few years—slow and expensive transactions—are being solved by layer 2s. zkEVMs, and Linea…

Read more →

If we look at the banking market (7.5 trillion euro in 2022) and insurance ($5.6 trillion in 2022) applications, we will find it very regulative. Responsibility to act with personal data securely leads many companies to have a private cloud…

Read more →

Understanding the Need for Enhanced Security and Compliance In today’s digital world, data security, and privacy have become top priorities for businesses. With the increasing threat of cyberattacks and data breaches, it’s no longer enough to rely on traditional security…

Read more →

Amidst the rapid advancements in the utility and energy industry, where demands continually escalate, the role of IT operations has grown significantly, requiring enhanced capabilities to ensure seamless operations. The global IT operations and service management market is expected to…

Read more →

This article delves into additional authentication methods beyond those covered in previous articles. Specifically, we will explore token-based authentication and OAuth 2.0, explaining their concepts and demonstrating their implementation in MQTT. This article has been indexed from DZone Security Zone…

Read more →

Introduction to Biometrics Biometrics measures and analyses an individual’s physical and behavioral characteristics. It is a technology used for proper identification and access control of people under surveillance. The theory of biometric authentication is that everybody can be accurately identified…

Read more →

The importance of secure web applications can never be overstated. Protecting sensitive user data and making sure proper authentication is in place are essential whether you’re creating a straightforward blog or a sophisticated corporate solution. This is where the potent…

Read more →

In previous posts, we introduced that through the Username and Password fields in the MQTT CONNECT packet, we can implement some simple authentication, such as password authentication and token authentication. This article will delve into a more advanced authentication approach…

Read more →

I have already described how to secure a Spring Boot 2-based REST API with Keycloak here. Today, I would like to create a separate text with the same topic but for Spring Boot 3 — a newer, shiner version of…

Read more →

Veteran engineers likely remember the days of early software development, when software releases were delayed until they included all desired code complete features. This method resulted in extremely long wait times for users, not to mention security concerns and errors…

Read more →

In today’s world, databases are valuable repositories of sensitive information, and attackers are always on the lookout to target them. This has led to a rise in cybersecurity threats, making it essential to have proper protection measures in place. Oracle…

Read more →

The digital-first era has undoubtedly broadened the horizons of possibilities but has eventually increased the threat vector and created new vulnerabilities.  Whether we talk about phishing attacks or modern brute-force attacks where individuals’ identities are compromised, ignoring the importance of…

Read more →

Data Platform Evolution Initially, data warehouses served as first-generation platforms primarily focused on processing structured data. However, as the demand for analyzing large volumes of semi-structured and unstructured data grew, second-generation platforms shifted their attention toward leveraging data lakes. This resulted in…

Read more →

In previous articles, we explored authentication and access control mechanisms. Now it’s time to shine a light on the crucial role of Transport Layer Security (TLS) in fortifying MQTT communication. This article will focus specifically on TLS and its ability…

Read more →

Most folks managing or working within a DevOps organization are already familiar with the book “Accelerate” and DevOps Research and Assessment, commonly abbreviated as DORA, metrics. For those who are not familiar or just need a quick refresher, DORA metrics…

Read more →

Automated CI/CD (continuous integration/continuous delivery) pipelines are used to speed up development. It is awesome to have triggers or scheduling that take your code, merge it, build it, test it, and ship it automatically. However, having been built for speed…

Read more →

Secure code review is essential for ensuring software applications’ security and integrity. By examining the codebase for potential vulnerabilities and weaknesses, developers can identify and address security issues before malicious actors exploit them. This article will discuss some best practices…

Read more →

When we say DevOps, it quickly conjures up an image of a development and operations team that works together — collaboratively and communicatively. DevOps uses tools like automation, continuous integration, and monitoring. This way, the software development process picks up speed and…

Read more →

DevOps security is a set of practices that integrate security processes, people, and DevOps security tools into the development pipeline, enabling organizations to deliver software in a secure environment continuously. Whether you call it DevSecOps, network security, cyber security, DevOps and…

Read more →

Traditionally, security was often an afterthought in the software development process. The security measures were implemented late in the cycle or even after deployment. DevSecOps aims to shift security to the left. In DevSecOps, security is incorporated from the earliest…

Read more →

Amazon Web Services (AWS) provides a robust and scalable cloud computing platform that is widely adopted by organizations. However, with the increasing reliance on AWS services, ensuring proper security measures is crucial to protect sensitive data and maintain the integrity…

Read more →

Welcome back, developers and security enthusiasts! In the previous blog, “Implementing RESTful endpoints: a step-by-step guide,” we covered the essential foundations of API security, including authentication, authorization, and secure communication protocols. Now, it’s time to level up and delve into advanced…

Read more →

APIs are everywhere, and in most cases, we don’t give them much thought, even when using them multiple times a day. Whenever you log into a website using your Google or Facebook account, check the location of a new restaurant…

Read more →

AWS Vault is an open-source tool by 99Designs that enables developers to store AWS credentials in their machine keystore securely. After using it for a while at Jit, I decided to dig deeper into how it works and learned a…

Read more →

As the digital revolution reshapes government operations worldwide, Application Programming Interfaces (APIs) have emerged as a critical tool in driving digital transformation. Through APIs, governments can ensure smoother interoperability between various systems, facilitate data sharing, and innovate public services. Here,…

Read more →

The rise of cloud computing and SaaS (Software as a Service) has dramatically reshaped the digital landscape, offering companies numerous benefits like scalability, cost-efficiency, and flexibility. In fact, the five largest SaaS companies in the U.S. have a combined market…

Read more →

Angular v16, the latest major release of the Angular framework, introduces a number of exciting new features and improvements. These features are designed to make Angular development more efficient, scalable, and secure. Rethinking Reactivity One of the most significant changes…

Read more →

Kubernetes (also called K8s) remains the most in-demand container for developers. Originally developed by engineers at Google, K8s has achieved global fame as the go-to solution for hosting across on-premise, public, private, or hybrid clouds. Insights from Statista show the…

Read more →

As enterprise cloud storage solutions steadily gain momentum across global markets, the anti-virus and malware security policies deployed to protect these pay-per-scale services become more and more robust. Naturally, the taller the castle wall becomes, the higher the siege ladder…

Read more →

Introduction Cloud databases are the future of data storage and management. With the advancement of technology, businesses and organizations have recognized the need to store data on the cloud. The cloud database is a type of database that is stored…

Read more →

Last week, we described the concept behind sticky sessions: you forward a request to the same upstream because there’s context data associated with the session on that node. However, if necessary, you should replicate the data to other upstreams because…

Read more →

In the fast-paced world of software development, DevSecOps principles have emerged as a crucial approach for organizations to streamline their software delivery processes, improve collaboration between teams, and achieve faster time-to-market. In this context, the DevSecOps Research and Assessment (DORA)…

Read more →

Kubernetes is an open-source container orchestration platform that automates the deployment, scaling, and management of containerized applications. It has gained popularity among developers and enterprises for its ability to provide a scalable, reliable, and efficient infrastructure for deploying modern applications.…

Read more →

Microservices architectures have gained popularity due to their scalability, agility, and flexibility. However, with these architectures’ increased distribution and complexity, ensuring robust security measures becomes paramount. The security of microservices extends beyond traditional approaches, requiring a comprehensive strategy to protect…

Read more →

The requirement for monitoring, identifying harmful behaviors, and preventing or notifying of these activities is growing quickly as the number of malicious insider and external attacks rises. The threat landscape is constantly changing, making strong security monitoring and detection solutions…

Read more →

In today’s fast-paced digital landscape, ensuring the security of software applications is of paramount importance. Traditional software security practices often involve cumbersome and time-consuming processes that hinder productivity and hinder the rapid deployment of applications. That’s where DevSecOps comes in.…

Read more →

In today’s rapidly evolving digital landscape, cloud-native applications have become the backbone of many organizations, offering scalability, flexibility, and agility. However, as the reliance on cloud-native technologies grows, so does the need for robust security measures to protect these applications…

Read more →

RESTful APIs have become a crucial component of modern web development, providing a way to interact with resources and data through a simple and consistent interface. However, as with other web-based applications, security must be a top priority when developing…

Read more →

You should be familiar with APIs, especially if you have worked with a developer or designer. But in case you haven’t, then let’s start by saying that APIs are powerful secret agents that empower mobile apps with useful features and…

Read more →

In the world of computer security, whitelisting and blacklisting are two common methods used to control access to resources. These methods are used to prevent unauthorized access to a system and to ensure that only approved applications and services are…

Read more →

Data governance is a framework created by the collaboration of people with various roles and responsibilities working towards establishing the processes, policies, standards, and metrics to achieve the organization’s goals. These goals can range from providing trusted data for businesses…

Read more →

The worth of the Cloud Computing market is estimated to hit USD 1,614.10 billion with a projected CAGR of 17.43 percent by the year 2030. The big giants that hold the market share in the cloud market are AWS, Google Cloud Platform,…

Read more →

Blockchain technology is an emerging technology field, and to explore its wide use of application, several companies have a dedicated research teams for the same. One such field that could take advantage of this technology is risk assessment. Blockchain technology…

Read more →

What Are Secure Properties? One of the best practices in any application development is to keep the application properties configurable rather than hard-coded. This is achieved by keeping the properties in property files. These application properties are very much required…

Read more →

In today’s digital landscape, data security is a paramount concern for organizations of all sizes. With the increasing volume and complexity of data breaches, businesses must adopt robust security measures to protect their sensitive information. Amazon Web Services (AWS) understands…

Read more →

In the realm of cloud computing, Amazon Web Services (AWS) EC2 instances have gained immense popularity for their scalability, flexibility, and reliability. Managing these instances often requires remote access for administrative tasks, debugging, or troubleshooting. To address the security concerns…

Read more →

Continuing our exploration of APIs and their fascinating capabilities, we delve deeper into the realm of API headers. Building upon the insights shared in our previous blog, ‘Using Query Parameters and Headers in REST API Design,’ where we’ve discussed that…

Read more →

Understanding less frequently used HTTP methods is crucial for comprehensive API development. While widely known methods like GET and POST form the foundation of web communication, there are specialized methods that are not as commonly used. These methods have specific…

Read more →

With over 80% of workloads worldwide virtualized, virtualization security is a concern for organizations regardless of size, goal, and industry. Proper protection systems for a particular organization’s workloads and data are necessary to support production and service availability. In this…

Read more →

Object-oriented programming (OOP) has become a fundamental paradigm in software development, revolutionizing the way we design, implement, and maintain complex systems. By organizing code into reusable objects with their own properties and behaviors, the four pillars of OOP are code organization,…

Read more →

In this version (version 1), we will explore the concept of IDP federation and its uses in the large enterprise for smooth access management where there is a need to handle heterogeneous sets of users. In version 2, we will…

Read more →

The open-source GraphQL query language has a ton to offer enterprises seeking a more scalable, flexible, developer-friendly, and modernized approach to API-driven development. That said, because I’m a security professional, I tend to focus on the new opportunities GraphQL also…

Read more →

Web 3.0 has grown in popularity over the last few years and has fast become a tool for the empowerment of users in regard to ownership and sharing of data. The premise is that Web 3.0 will bring back the…

Read more →

Test-driven development (TDD) is a software development approach that prioritizes writing automated tests while creating the actual code. There follows a cycle of writing a failed test, writing the code to make the test pass, and then refactoring the code.…

Read more →

The Google-created Angular framework that uses JavaScript is quite popular in developing web applications. The AngularJS framework has been completely rewritten, and Angular is intended specifically for creating dynamic programming structures. Angular allows developers to create clean, maintainable, and high-performing…

Read more →

When your organization installs a security monitoring app like Zscaler on your workstation, it could hinder your productivity by blocking many existing third-party apps you have been using for your development or testing deliverables.  In many cases, once installed, you…

Read more →

Welcome to this beginner’s guide to using Python for website analysis! As a programming language, Python has been around for over 30 years, but its popularity has skyrocketed in recent years due to its ease of use and versatility. Python…

Read more →

In today’s (mostly) digital world, maintaining data privacy and data security should be an ongoing discussion in all businesses, especially those developing applications, both internal business shops and software shops selling solutions. That said, compliance and privacy issues are not…

Read more →

Compared to a couple of years ago, open-source authentication has seen huge progress. In this post, we’ll compare three of the leading open-source authentication providers – Ory, Keycloak, and SuperTokens. Each of these providers has its own set of pros…

Read more →

AI is already preventing the most common types of cyberattacks in several ways. Here are four examples: Malware detection: AI detects malware by analyzing its code or behaviour. For example, AI can be used to identify known malware signatures or…

Read more →

Microservices architecture has emerged as a popular solution for building complex and scalable applications. In a microservices architecture, an application is broken down into a collection of loosely coupled, independently deployable services that communicate with each other via APIs. This…

Read more →

Privacy laws worldwide prohibit access to sensitive data in the clear such as passport numbers and email addresses. It is no different when persisting to operational logs. One approach can be to anonymize the data before persisting it. However, this…

Read more →

Working with IoT startups worldwide, I’ve noticed that many of my customers do not fully understand the importance of IoT security. Meanwhile, an independent study by SAM Seamless Network claims that more than a billion IoT devices were hacked last…

Read more →

Preparing for Black Hat 2023, it seems like API security will be a key issue. Here’s what you need to know. What’s an API? An API, or application programming interface, is a set of definitions and protocols for building and…

Read more →

As the artificial intelligence (AI) landscape continues to rapidly evolve, new risks and vulnerabilities emerge. Businesses positioned to leverage large language models (LLMs) to enhance and automate their processes must be careful about the degree of autonomy and access privileges…

Read more →

As cyber threats evolve and become more sophisticated, organizations must adopt proactive approaches to safeguard their digital assets. Threat hunting has emerged as a critical practice in cybersecurity, enabling professionals to stay one step ahead of malicious actors. In this…

Read more →

In today’s digital landscape, cybercrime is evolving at an unprecedented rate. This alarming growth exposes businesses to severe vulnerabilities, compelling them to take strategic measures to ensure their IT infrastructure safety against cyber threats. The dynamic nature of the digital…

Read more →

Many entrepreneurs consider DevOps solutions useful for startups and technology companies. The reason behind this notion is the chief objective of DevOps implementation, which is to help companies build their culture or establish cloud-native roots. However, the reality is completely…

Read more →

This article aims the following audiences: Tech workers Students Product managers Marketing team Sales team There are no prerequisites to reading this article. I assume that you have used a web browser to navigate across the internet.  This article has…

Read more →

As our world becomes increasingly automated, the role of artificial intelligence (AI) in various domains has grown exponentially. While AI brings numerous benefits and advancements, it also introduces new threats and challenges in cybersecurity. This article will delve into the…

Read more →

Building web applications is an art that has continued to evolve since the advent of the internet. Today, the Microsoft .NET platform stands as one of the reliable, versatile, and powerful frameworks for creating modern web applications. From desktop to…

Read more →

As the move to the cloud accelerates, organizations increasingly rely on large data teams to make data-driven business decisions. To accomplish their jobs, data professionals work with dedicated tools that are often deployed to development and production environments and are…

Read more →