Secure Yourself for National Cyber Security Awareness Month

October is National Cyber Security Awareness Month. Check out this post to make sure you are practicing strong security habits.

by Chris Ward · Updated Oct. 24, 18 · Opinion

October is all about highlighting the need for security in the modern connected world. I've already read a lot of posts that cover the same ideas and advice. In this post, I'm going to attempt to highlight advice that isn't so obvious and that is, hopefully, more useful for developers.

Clearing the Elephants

OK, maybe I do need to quickly mention the obvious stuff — just to be sure. But, I'll merely scratch the surface. Things like:

  • Keep your software up to date. Alternatively, if you want to be extra cautious, read release notes first and then update your software.
  • Use a trusted VPN service when you use public Wi-Fi, or all the time — that's up to you.
  • Regularly scan your machines for malware; macOS users are not exempt.
  • Use a password manager, or if you have a magical brain and can remember them, use multiple secure passwords.
  • Use two-factor authentication on at least your essential and most vulnerable services. Don't forget your developer-focused services such as cloud hosting.
  • Back up your data regularly, to multiple places.

Doing all this already? Then, let's move on.

Lock Your Computer

I spend half the week in a coworking space, and I have lost count of the number of times I see people with covers over their cameras for privacy, but who leave their computers unlocked, sometimes for hours. There is little point in protecting your privacy if you leave your computer open to anyone in the vicinity. Every operating system offers a way to lock a screen with a quick mouse or keyboard shortcut, and with the increasing regularity of fingerprint readers in laptops, unlocking them again is also not a lengthy process.

If you are part of a company in an office, you probably have a security policy for locking screens and a minor penalty for not doing so. For example, one startup I used to work for allowed coworkers to post a David Hasselhoff emoji to Slack if someone left their computer unlocked. This practice leads to good habits and a habit that I now find hard to stop: automatically locking my computer the second I walk away from my desk.

Secrets and Tokens

It's all too easy to allow account information and access tokens to leak out onto the web via repositories or insecure file systems, potentially giving other parties undesired levels of access to your systems and data. There are now many tools that provide a better way to propagate such information through your application stack. With services such as GitHub now even automatically scanning for potentially leaked information, there's little excuse anymore. Type "secrets management" into the search box above, and you'll find dozens of posts on DZone to get you started on any platform you use.
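The kind of check a pre-commit hook or repository scanner runs over files before they are pushed, as an added example that is not part of the original article. The rule names, the entropy threshold, and the sample lines are constructed assumptions; the token shapes are the publicly documented AWS access key ID and classic GitHub token formats.

```python
import math
import re

# Publicly documented token shapes; the generic rule below is a heuristic.
RULES = [
    ("aws-access-key-id", re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")),
    ("github-token", re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36}\b")),
    ("private-key-block", re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----")),
]
GENERIC = re.compile(
    r"(?i)\b(?:password|passwd|secret|token|api[_-]?key)\b\s*[:=]\s*['\"]?([^\s'\"]{12,})"
)
ENTROPY_THRESHOLD = 3.5  # bits per character; assumed cut-off, tune per code base

# Constructed sample input, not real credentials.
SAMPLE = """\
AWS_ACCESS_KEY_ID=AKIAABCDEFGHIJKLMNOP
password = "changemechangeme"
api_key: "k9Zr2LpQ8vXw4TnB7sHd"
db_host = "db.internal.example"
"""


def shannon_entropy(value):
    """Bits per character; placeholders score low, random tokens score high."""
    counts = {c: value.count(c) for c in set(value)}
    return -sum(n / len(value) * math.log2(n / len(value)) for n in counts.values())


def redact(value):
    """Keep a short prefix so the report does not itself leak the secret."""
    return value[:4] + "*" * (len(value) - 4)


def scan(text, path="<stdin>"):
    """Return (path, line number, rule name, redacted match) for each finding."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, pattern in RULES:
            for m in pattern.finditer(line):
                findings.append((path, lineno, name, redact(m.group(0))))
        m = GENERIC.search(line)
        if m and shannon_entropy(m.group(1)) >= ENTROPY_THRESHOLD:
            findings.append((path, lineno, "generic-high-entropy", redact(m.group(1))))
    return findings


if __name__ == "__main__":
    print(*scan(SAMPLE, "config.env"), sep="\n")
```

The entropy filter is what keeps the low-entropy placeholder on line 2 of the sample out of the report while the random-looking API key on line 3 is flagged.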

HTTPS and Encryption

Google is now downgrading listings of any site that doesn't use HTTPS, so it's almost obligatory for your web-facing services to run over HTTPS. Setting up an HTTPS connection is much easier than it used to be, but there are still many myths around the protocol — read this great post to dispel a few. Finally, don't forget about any sensitive data that may be flying back and forth between other services behind public-facing services. That communication should also be over encrypted channels.

Don't Create the Weakest Link

I used to spend a lot of my time implementing and customizing content management systems, and in the heady days of the mid-2000s, WordPress was known for its vulnerability issues. Maybe they still exist; it's been a while. But often, the vulnerability wasn't WordPress itself, but components around it. If you have the most up-to-date versions of WordPress and PHP but use cheap, shared hosting with weak passwords or an overly accessible file system, then your efforts are likely wasted.

Similarly, a large proportion of hacks happen via social engineering and exploiting people, not technology. This subject is broad, but in summary, if something seems too good to be true, or even slightly suspicious, take care.

It's easy for nefarious individuals to exploit a tiny gap in your security armor and gain access to more than you realize, so always review and try to find those small overlooked gaps to test.

Want to Learn More?

DZone has a healthy security channel where you can find a variety of posts on the topic of security. Here are some that I recommend:

  • Building for Privacy: a How-to Guide for Application Developers
  • Security Monitoring for Enterprises: Top 7 Considerations
  • DZone Research: The Future of Security