DZone Security Blog | DevsDay.ru

Security | DZone Security | August 5, 2021, 22:05

As the number of services grows in an organization, the problem of secret management only gets worse. Between Zero Trust and the emergence of microservices, handling secrets such as tokens, credentials, and keys has become an increasingly challenging...

security tutorial node.js distributed systems vault secret management

Security | DZone Security | August 5, 2021, 20:57

Published with permission from author Subbu Iyer, VP of Product Management, Cequence Security. Introduction: The recent rash of API security incidents (Peloton, Experian, Clubhouse, etc.) has no doubt forced many security and development teams to take...

api security tokens pitfalls api authentication authentication weakness threat actors

Security | DZone Security | August 5, 2021, 19:13

Introduction: Ransomware is an epidemic that adversely affects the lives of both individuals and large companies, where criminals demand payments to release infected digital assets. In the wake of the ransomware success, Ransomware-as-a-Service (RaaS)...

devops devsecops appsec supply chain ransomware ransomware prevention kaseya raas ransomware as a service revil

Security | DZone Security | August 5, 2021, 14:04

This week, we take a look at the recently discovered (and fixed) API vulnerabilities in electric car charging stations, a Udemy course on OAuth 2.0, the recently released Gartner Hype Cycle on APIs, and how APIs in microservices architectures can be...

security integration api cybersecurity apis oauth api security newsletter gartner api vulnerabilities

Security | DZone Security | August 4, 2021, 21:15

Undoubtedly, companies are blind, deaf, and in the middle of a freeway without big data analytics. Data is the new science whereas big data leverages the answer. Data production rates are evolving at a tremendous pace simultaneously with the human po...

big data cyber attack cybersecuity cyberattacks security & defense risk assessment cybersecurity analysis predictive models

Security | DZone Security | August 4, 2021, 21:01

More and more app development teams are utilizing an Open Source base model, with the majority of developers now turning away from custom code. And with good reason. Open source allows faster development, more innovation, and lower costs....

automation outsourcing security best practices mobile application testing business continuity

Security | DZone Security | August 4, 2021, 20:28

Identity, something that must mandatorily be unique and guarded. Protection of identity is crucial in this age when hackers are proposing more sophisticated attacks. It would not be wrong to say that identity is the most significant and valuable...

identity biometric authentication biometric verification biometric verification system

Security | DZone Security | August 4, 2021, 16:55

Anchore provides open-source tools for deep image inspection and vulnerability scanning that allow users to perform a detailed analysis of container workloads, producing reports, and defining policies that can be used in the software delivery lifecyc...

devsecops compliance container security security and compliance devsecops integration

Security | DZone Security | July 30, 2021, 21:26

What Is Identity Governance: In theory, identity governance refers to the policy-based centralized orchestration of user identity management and access control. In layman’s terms, this refers to managing different aspects of user accounts and how they...

security identity management password management secure apps wso2 identity server identity governance

Security | DZone Security | July 30, 2021, 16:57

Table of Contents: Security Issues to consider; Brute Force Attacks; Theft of password reset tokens from the database; Reusing existing tokens; Stealing tokens through email hijacking; How to implement a secure password reset flow...

tutorial cybersecurity authentication web security password management session management

Security | DZone Security | July 29, 2021, 21:25

While adapting to the current global crisis, businesses had to rapidly transition to a remote workforce to meet customer demands through digital channels. However, this sudden transformation to remote operations presented a whole new challenge of cyb...

cybersecurity cyber attack work from home remote work pandemic security risk

Security | DZone Security | July 29, 2021, 18:40

This week, JustDial has had to re-fix an old API vulnerability that they already fixed in 2019. We also have a set of scripts for automated API key validation, and two videos from recent conferences on the OAuth roadmap and GraphQL security. Vulnerab...

security integration api cybersecurity apis oauth api security graphql api vulnerabilities

Security | DZone Security | July 28, 2021, 9:35

Identity governance is a fantastic tool to surface and manage risks around authorizations. One of the hardest parts of this is risk scoring. Operational risk is easy to define (likelihood x impact) and we have lots of established practices to help us...

risk analysis identity and access management identity governance

Security | DZone Security | July 27, 2021, 12:56

The importance of privacy is something that has been discussed and debated for years. The public's opinion on the subject has shifted in large part because of recent advances in technology. With the rise of smartphones, social media, and internet-con...

security devops cloud security devsecops privacy privacy by design shift left security

Security | DZone Security | July 26, 2021, 10:09

Linux is a well-known operating system that is known to many developers and security hackers. Many Linux distributions in the market are flexible based on the workflow if you are a hacker, bug bounty hunter, penetration tester, or security researcher...

linux kali linux

Security | DZone Security | July 24, 2021, 6:08

In December 2020, a vulnerability in the Bouncy Castle cryptographic library was publicly revealed. This vulnerability was discovered in October and fixed in November 2020. However, the nature of supply chain vulnerabilities means that many organizat...

developers authentication devsecops data security encryption cryptography

Security | DZone Security | July 24, 2021, 5:13

Most SAST tools target security compliance auditors. Their goal is to raise an issue for anything even remotely suspicious. There's no fear of false positives for those tools because the auditors will figure it out; after all it's the auditors' job t...

opinion security sast code security false positives

Security | DZone Security | July 22, 2021, 16:26

This week, we have a detailed write-up on finding credit card numbers leaking from a GraphQL API, a lab walkthrough on hacking JSON web tokens (JWT) through SQL injection, and HackerOne’s new Capture The Flag (CTF) API Security challenge. On the reso...

xml api apis api security graphql cybersecuity newsletter jwt

Security | DZone Security | July 22, 2021, 0:01

Over 25 percent of employees don’t trust their employers, and an even greater 50 percent think that their employers aren’t open or upfront with them. The lack of trust among employees is due to the lack of transparency in the workplace. In digi...

security cyber security data access employee engagement digital workplace api connectivity

Security | DZone Security | July 20, 2021, 15:16

Introduction: Web Real-Time Communication or WebRTC is an open-source and free technology enabling real-time communication between web browsers through APIs. It allows video and audio communication inside the web pages by enabling peer-to-peer interac...

security web app development vulnerability webrtc webrtc application development