DZone
Thanks for visiting DZone today,
Edit Profile
  • Manage Email Subscriptions
  • How to Post to DZone
  • Article Submission Guidelines
Sign Out View Profile
  • Post an Article
  • Manage My Drafts
Over 2 million developers have joined DZone.
Log In / Join
Refcards Trend Reports
Events Video Library
Refcards
Trend Reports

Events

View Events Video Library

The Latest Security Topics

article thumbnail
RBAC With API Gateway and Open Policy Agent (OPA)
In this article, you will learn how to enable role-based access control (RBAC) with open-source API Gateway Apache APISIX and Open Policy Agent (OPA).
May 25, 2023
by Bobur Umurzokov
· 7,297 Views · 5 Likes
article thumbnail
AI Technology Is Drastically Disrupting the Background Screening Industry
Discover how AI technology is revolutionizing the background screening industry, offering more efficient and cost-effective solutions than ever before.
May 25, 2023
by Ryan Kh
· 5,436 Views · 1 Like
article thumbnail
File Upload Security and Malware Protection
In this article, we implement several of the OWASP recommendations for file upload security. We also dive into malware scanning solutions.
May 25, 2023
by Austin Gil DZone Core CORE
· 4,937 Views · 3 Likes
article thumbnail
Top 10 Pillars of Zero Trust Networks
Ten points to consider in order to achieve a zero trust network for microservices deployed in multicloud Kubernetes clusters.
May 24, 2023
by Debasree Panda
· 5,441 Views · 5 Likes
article thumbnail
DevOps Midwest: A Community Event Full of DevSecOps Best Practices
DevOps Midwest 2023 brought together experts in scale, availability, and security best practices. Read some of the highlights from this DevSecOps-focused event.
May 24, 2023
by Dwayne McDaniel
· 3,534 Views · 1 Like
article thumbnail
SRE vs. DevOps
In this article, you will gain an understanding of the distinctions between Site Reliability Engineering (SRE) and DevOps.
May 24, 2023
by Pradeep Gopalgowda
· 4,847 Views · 2 Likes
article thumbnail
Identify and Fix XSS Vulnerabilities in Your Web App
Cross-site scripting (XSS) is the most severe consequence of poorly implemented frontends. Learn how to protect any front-end app from the XSS threat.
May 24, 2023
by Conty Write
· 3,618 Views · 1 Like
article thumbnail
Auditing Tools for Kubernetes
These tools explain how they can help maintain security and compliance by identifying and mitigating vulnerabilities within a Kubernetes environment.
May 24, 2023
by Vasilii Kulazhenkov
· 11,814 Views · 4 Likes
article thumbnail
8 Data Anonymization Techniques to Safeguard User PII Data
As more personal information is being collected and analyzed by organizations, the need to protect an individual's privacy and prevent the misuse or unauthorized access of the personal data comes with it.
May 23, 2023
by Yash Mehta
· 4,391 Views · 1 Like
article thumbnail
Security Challenges for Microservice Applications in Multi-Cloud Environments
Multi-cloud strategies bring new security concerns. As a result, organizations need to address them at every stage of their security measures.
May 23, 2023
by Pascal Tene
· 6,221 Views · 3 Likes
article thumbnail
IoT's Security Nightmare: Unpatched Devices that Never Die
As the Internet of Things becomes a ubiquitous idea and a fact of life, what happens to all the aging and increasingly insecure Things? According to Wired's Robert Mcmillan, responding to a recent question on the security of IoT from Dan Geer, this may be a serious problem [1][2]. The solution, Mcmillan suggests, is to design these devices with an expiration date. In other words: they need to be programmed to die. The problem may not be too severe now, but the future of the Internet of Things will look different than it does now. Security will likely loosen, because software will be a part of everything, and it tends to be the case that things mass produced to that degree experience a bit of a drop in quality. That, Mcmillan argues, presents a problem: ...all code has bugs, and in the course of time, these bugs are going to be found and then exploited by a determined attacker. As we build more and more devices like thermostats and lightbulbs and smart trashcans that are expected to last much longer than a PC or a phone, maybe we need to design them to sign off at the point where they’re no longer supported with software patches. Otherwise, we’re in for a security nightmare. A similar argument came from Bruce Schneier's interview with Scott Berinato about how future bugs like Heartbleed could impact IoT [3]. Schneier's conclusion is that processes must be built into IoT devices and development to allow for regular patching and securing of embedded systems. How practical is that, though? Mcmillan points to some recent scenarios where these fears have already come true: the lack of support for Linksys routers infected with Moon Worm, for example. Long-term patching would solve these issues, but will the increasing number of organizations developing IoT products be forward-thinking enough to care? It's also not as if the problem will fade as the products become less popular, Mcmillan says: Researchers have studied the way that security vulnerabilities are discovered, and what they’ve found is that security bugs will keep cropping up, long after most software is released... in fact, they’ll only get worse. Open sourcing technology as it ages may also be a solution, Mcmillan says. However, even that is imperfect and requires a lot of cooperation from companies who may not be enthusiastic about such cooperation, as well as a base of developers interested enough in the technology to maintain it. So, creating devices with an expiration date may be one of the most practical solutions. Otherwise, what happens when IoT is everywhere? What happens when we stop taking care of the things that we build? [1] http://www.wired.com/2014/05/iot-death/ [2] http://geer.tinho.net/geer.secot.7v14.txt [3] https://dzone.com/articles/heartbleed-iot-how-much-worse
May 23, 2023
by Alec Noller
· 8,797 Views · 1 Like
article thumbnail
What Is Istio Ambient Mesh?
Istio has released a sidecar-less data plane called ambient mode. Explore its architecture and the benefits it can bring to enterprises.
May 22, 2023
by Debasree Panda
· 2,263 Views · 4 Likes
article thumbnail
Developers Are Scaling Faster Than Ever: Here’s How Security Can Keep Up
We know traditional security practices can’t support this scale, so how do modern practices allow us to scale security with these architectures?
May 22, 2023
by Aakash Shah
· 3,044 Views · 1 Like
article thumbnail
VPN Architecture for Internal Networks
This article delves into different system components, from the client and DNS, to the load balancer server, firewall, service instances, and other core elements.
May 22, 2023
by Dmitrii Bezrukov
· 8,039 Views · 3 Likes
article thumbnail
An Overview of Kubernetes Security Projects at KubeCon Europe 2023
Kubernetes security is more important than ever and should be top-of-mind for most teams. Walk through the latest in k8s security solutions from KubeCon 2023.
May 22, 2023
by John Vester DZone Core CORE
· 48,816 Views · 4 Likes
article thumbnail
Internet of Doom: The Security Vulnerabilities of Connected Devices
Security in the Internet of Things is a fairly common concern these days - you know, Heartbleed, toasters, that kind of thing - but you may not even have considered the greatest threat to your connected devices: classic 1990s first person shooters. That's the scenario presented in this recent experiment from Context Information Security. By taking advantage of a web interface that require no user authentication, the Context team managed to get Doom up and running on a Canon Pixma printer. Obviously Doom is not the point in itself, so much as an illustration of the vulnerability, but it definitely gets the idea across. According to Michael Jordon at Context, the vulnerability was fairly serious: At first glance the functionality seems to be relatively benign, you could print out hundreds of test pages and use up all the ink and paper, so what? The issue is with the firmware update process. While you can trigger a firmware update you can also change the web proxy settings and the DNS server. If you can change these then you can redirect where the printer goes to check for a new firmware. So what protection does Canon use to prevent a malicious person from providing a malicious firmware? In a nutshell - nothing... Jordon's post goes into detail on how the encryption was broken. Canon was contacted and informed of the problem, and responded that it would be fixed, but Jordon warns that it's not a unique scenario. While this particular technique is not currently a common concern, it demonstrates the reality of security concerns when it comes to IoT devices. Once everything is connected, how many devices will be vulnerable? How confident can we be that the creators of these devices will be cognizant of these issues? As a potential catch-all solution, Context offers a strange bit of advice: Context recommends that you do not put your wireless printers on the Internet, or any other ‘Internet of Things’ device. So, there you go - one way to be sure. The Internet of Things can't help but be secure if you get rid of that whole "Internet" part.
May 22, 2023
by Alec Noller
· 8,279 Views · 1 Like
article thumbnail
How to Handle Secrets in Kubernetes
One crucial aspect of ensuring a secure Kubernetes infrastructure is the effective management of secrets, such as API keys, passwords, and tokens.
May 21, 2023
by Keshav Malik
· 2,685 Views · 2 Likes
article thumbnail
The Role of Open Source in Cloud Security: A Case Study With Terrascan by Tenable
Open-source software and cloud-native infrastructure are inextricably linked and can play a key role in helping to manage security.
May 18, 2023
by Christina DePinto
· 3,852 Views · 2 Likes
article thumbnail
Change Control Doesn’t Work: When Regulated DevOps Goes Wrong
In this article, I explore a use case and dive deeper into the question, "Is change management the best way to manage IT risk?"
May 18, 2023
by Mike Long
· 5,731 Views · 1 Like
article thumbnail
How To Check IP Addresses for Known Threats and Tor Exit Node Servers in Java
This article discusses the importance of detecting threatening IP addresses in various forms and provides two API solutions to help detect those threats.
May 18, 2023
by Brian O'Neill DZone Core CORE
· 4,986 Views · 3 Likes
  • Previous
  • ...
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • ...
  • Next
  • RSS
  • X
  • Facebook

ABOUT US

  • About DZone
  • Support and feedback
  • Community research

ADVERTISE

  • Advertise with DZone

CONTRIBUTE ON DZONE

  • Article Submission Guidelines
  • Become a Contributor
  • Core Program
  • Visit the Writers' Zone

LEGAL

  • Terms of Service
  • Privacy Policy

CONTACT US

  • 3343 Perimeter Hill Drive
  • Suite 215
  • Nashville, TN 37211
  • [email protected]

Let's be friends:

  • RSS
  • X
  • Facebook
×