Безопасность • DZone Security • 5 августа 2021 г. 22:05
As the number of services grows in an organization, the problem of secret management only gets worse. Between Zero Trust and the emergence of microservices, handling secrets such as tokens, credentials, and keys has become an increasingly challenging...... читать далее
security tutorial node.js distributed systems vault secret managementБезопасность • DZone Security • 5 августа 2021 г. 20:57
Published with permission from author Subbu Iyer, VP of Product Management, Cequence Security Introduction The recent rash of API security incidents (Peloton, Experian, Clubhouse, etc.) has no doubt forced many security and development teams to take...... читать далее
api security tokens pitfalls api authentication authentication weakness threat actorsБезопасность • DZone Security • 5 августа 2021 г. 19:13
Introduction Ransomware is an epidemic that adversely affects the lives of both individuals and large companies, where criminals demand payments to release infected digital assets. In the wake of the ransomware success, Ransomware-as-a-Service (RaaS)...... читать далее
devops devsecops appsec supply chain ransomware ransomware prevention kaseya raas ransomware as a service revilБезопасность • DZone Security • 5 августа 2021 г. 14:04
This week, we take a look at the recently discovered (and fixed) API vulnerabilities in electric car charging stations, a Udemy course on OAuth 2.0, the recently released Gartner Hype Cycle on APIs, and how APIs in microservices architectures can be...... читать далее
security integration api cybersecurity apis oauth api security newsletter gartner api vulnerabilitiesБезопасность • DZone Security • 4 августа 2021 г. 21:15
Undoubtedly, companies are blind, deaf, and in the middle of a freeway without big data analytics. Data is the new science whereas big data leverages the answer. Data production rates are evolving at a tremendous pace simultaneously with the human po...... читать далее
big data cyber attack cybersecuity cyberattacks security & defense risk assessment cybersecurity analysis predictive modelsБезопасность • DZone Security • 4 августа 2021 г. 21:01
More and more app development teams are utilizing an Open Source base model, with the majority of developers now turning away from custom code. And with good reason. Open source allows faster development, more innovation, and lower costs.... читать далее
automation outsourcing security best practices mobile application testing business continuityБезопасность • DZone Security • 4 августа 2021 г. 20:28
Identity, something that must mandatorily be unique and guarded. Protection of identity is crucial in this age when hackers are proposing more sophisticated attacks. There would be no wrong in saying that identity is the most significant and valuable...... читать далее
identity biometric authentication biometric verification biometric verification systemБезопасность • DZone Security • 4 августа 2021 г. 16:55
Anchore provides open-source tools for deep image inspection and vulnerability scanning that allow users to perform a detailed analysis of container workloads, producing reports, and defining policies that can be used in the software delivery lifecyc...... читать далее
devsecops compliance container security security and compliance devsecops integrationБезопасность • DZone Security • 30 июля 2021 г. 21:26
What Is Identity Governance In theory, identity governance refers to the policy-based centralized orchestration of user identity management and access control. In layman’s terms, this refers to managing different aspects of user accounts and how they...... читать далее
security identity management password management secure apps wso2 identity server identity governanceБезопасность • DZone Security • 30 июля 2021 г. 16:57
Table of Contents Security Issues to consider Brute Force Attacks Theft of password reset tokens from the database Reusing existing tokens Stealing tokens through email hijacking How to implement a secure password reset flow... читать далее
tutorial cybersecurity authentication web security password management session managementБезопасность • DZone Security • 29 июля 2021 г. 21:25
While adapting to the current global crisis, businesses had to rapidly transition to a remote workforce to meet customer demands through digital channels. However, this sudden transformation to remote operations presented a whole new challenge of cyb...... читать далее
cybersecurity cyber attack work from home remote work pandemic security riskБезопасность • DZone Security • 29 июля 2021 г. 18:40
This week, JustDial has had to re-fix an old API vulnerability that they already fixed in 2019. We also have a set of scripts for automated API key validation, and two videos from recent conferences on the OAuth roadmap and GraphQL security. Vulnerab...... читать далее
security integration api cybersecurity apis oauth api security graphql api vulnerabilitiesБезопасность • DZone Security • 28 июля 2021 г. 9:35
Identity governance is a fantastic tool to surface and manage risks around authorizations. One of the hardest parts of this is risk scoring. Operational risk is easy to define (likelihood x impact) and we have lots of established practices to help us...... читать далее
risk analysis identity and access management identity governanceБезопасность • DZone Security • 27 июля 2021 г. 12:56
The importance of privacy is something that has been discussed and debated for years. The public's opinion on the subject has shifted in large part because of recent advances in technology. With the rise of smartphones, social media, and internet-con...... читать далее
security devops cloud security devsecops privacy privacy by design shift left securityБезопасность • DZone Security • 26 июля 2021 г. 10:09
Linux is a well-known operating system that is known to many developers and security hackers. Many Linux distributions in the market are flexible based on the workflow if you are a hacker, bug bounty hunter, penetration tester, or security researcher...... читать далее
linux kali linuxБезопасность • DZone Security • 24 июля 2021 г. 6:08
In December 2020, a vulnerability in the Bouncy Castle cryptographic library was publicly revealed. This vulnerability was discovered in October and fixed in November 2020. However, the nature of supply chain vulnerabilities means that many organizat...... читать далее
developers authentication devsecops data security encryption cryptographyБезопасность • DZone Security • 24 июля 2021 г. 5:13
Most SAST tools target security compliance auditors. Their goal is to raise an issue for anything even remotely suspicious. There's no fear of false positives for those tools because the auditors will figure it out; after all it's the auditors' job t...... читать далее
opinion security sast code security false positivesБезопасность • DZone Security • 22 июля 2021 г. 16:26
This week, we have a detailed write-up on finding credit card numbers leaking from a GraphQL API, a lab walkthrough on hacking JSON web tokens (JWT) through SQL injection, and HackerOne’s new Capture The Flag (CFT) API Security challenge. On the reso...... читать далее
xml api apis api security graphql cybersecuity newsletter jwtБезопасность • DZone Security • 22 июля 2021 г. 0:01
Over 25 percent of employees don’t trust their employers, and an even greater 50 percent think that their employers aren’t open or upfront with them. The lack of trust among employees is due to the lack of transparency in the workplace. In digi...... читать далее
security cyber security data access employee engagement digital workplace api connectivityБезопасность • DZone Security • 20 июля 2021 г. 15:16
Introduction Web Real-Time Communication or WebRTC is an open-source and free technology enabling real-time communication between web browsers through APIs. It allows video and audio communication inside the web pages by enabling peer-to-peer interac...... читать далее
security web app development vulnerability webrtc webrtc application development
