DZone Security Blog | DevsDay.ru


Security DZone Security December 5, 2021, 9:49

You’ve heard of the GDPR and other regulations geared towards protecting personal data with threats of large fines, but it’s worth remembering that customers take the protection of their data seriously and are ready to switch brands if they lose fait... read more

privacy gdpr automation & technology solutions data privacy data privacy and data security process management privacy by design data monitoring

Security DZone Security December 5, 2021, 0:46

While GraphQL enables the creation of flexible APIs, it is considered prone to allow malicious queries that compromise application servers. Being one of the most popular query languages, commonly found vulnerabilities make GraphQL Security a topic of... read more

cybersecurity cloud security graphql security analysis graphql applications

Security DZone Security December 2, 2021, 12:18

Over the last year, artificial intelligence (AI) has become a huge part of our everyday lives, which is something of a mixed bag that has brought along a wide variety of both positive and negative influences. On one hand, there are algorithms that ar... read more

ai cybersecurity dark web biometric authentication phishing protection threat management

Security DZone Security December 1, 2021, 3:54

Serverless reduces a lot of operational burdens, but a secure architecture is still your responsibility. From web threats over IAM principles to auditing and monitoring, learn more about securing serverless architectures in this 2-parter infographic:... read more

devops aws serverless devsecops appsec presentation serverless architecture app security secret management iam policy

Security DZone Security November 30, 2021, 15:47

Workforces today are dynamic, with employees, contractors, freelancers, and other third parties constantly changing roles, projects, or moving companies. This makes it difficult for IT teams to manage access controls in a timely manner and opens the... read more

it security access control ephemeral access credential manager access security twingate

Security DZone Security November 29, 2021, 21:06

As technology continues to become more relevant for businesses worldwide, the importance of securing business-critical applications and their underlying tech stack continues to gain prominence. With the changing threat landscape, it is often impracti... read more

cloud security application security cybersecurity ethical hacking white hat hacking

Security DZone Security November 29, 2021, 19:31

While the relationship between software development and security hasn't always been harmonious, recent research suggests the two are becoming much more aligned. In one study, almost half of developers said they had prioritized learning or improving A... read more

devops developer devsecops appsec code security

Security DZone Security November 28, 2021, 9:16

In different programming languages, the behavior of virtual functions differs when it comes to constructors and destructors. Incorrect use of virtual functions is a classic mistake. Developers often use virtual functions incorrectly. In this article,... read more

programming c++ static analysis pvs-studio cpp static code analysis pitfalls

Security DZone Security November 26, 2021, 21:45

WebRTC is changing the way we live by establishing new norms in communication. WebRTC makes this possible by supporting real-time browser-to-browser communication without additional plugins. It provides peer-to-peer (P2P) file sharing and streaming o... read more

api communication encryption webrtc real time server security client security communication security webrtc communication webrtc threats

Security DZone Security November 26, 2021, 21:38

The NAC solution implements security control over access users to provide end-to-end security. What Are the Capabilities of NAC? NAC provides the following capabilities:... read more

security networking nac application nac solution network admission control

Security DZone Security November 23, 2021, 14:56

This week, we have news of a high criticality vulnerability on GoCD, a common open-source CI/CD system, allowing attackers to hijack secrets of downstream supply chains. There is also an excellent article on the journey of Raiffeisen Bank Internation... read more

api devsecops ci/cd api security security champions

Security DZone Security November 23, 2021, 1:56

This week, we have details of a potential vulnerability in existing Prometheus installations with no endpoint security enabled, details of a new tool to assist organizations to map their API attack surface, a report on the analysis of publicly availa... read more

api training prometheus openapi attack surface secure apis

Security DZone Security November 23, 2021, 1:31

This week, we have a vulnerability report from Alissa Knight on Fast Healthcare Interoperability and Resources (FHIR) APIs being potentially vulnerable to abuse, and more details on how the breach at MakerBot’s Thingiverse 3D printing repository webs... read more

api 3d printer breaches fhir analysis and report

Security DZone Security November 21, 2021, 8:53

The Online Web Application Security Project (OWASP) helps organizations improve their security posture by offering guidelines based on real-world scenarios and community-led open-source projects. Out of the various threats, OWASP considers Code Injec... read more

cybersecurity cloud security cyber attack code injection

Security DZone Security November 20, 2021, 9:13

In this hands-on tutorial, you will learn how to connect securely to an AWS IoT MQTT broker using mutual certificate authentication. An online interactive Lua tutorial includes ready-to-use Lua code, enabling you to connect to your own AWS IoT core i... read more


Security DZone Security November 20, 2021, 8:40

Two of the leading cybersecurity platforms are Check Point and Palo Alto. Many tend to think that these top contenders are largely the same, so choosing any of the two wouldn’t be a bad idea. However, there are a few details that can spell major diff... read more


Security DZone Security November 20, 2021, 7:53

The test cases that you can work with effectively are the test cases you can quickly write and manage without correcting all the dependencies. Testing financial applications require specific knowledge of writing test cases and what type of test cases... read more

quality assurance fintech testing and qa quality assurance and testing fintech app testing and developing financial app testing banking application testing testing applications banking application testing process

Security DZone Security November 19, 2021, 17:27

API security is on everyone’s mind: After all, APIs always opens up network-accessible interfaces that previously may not have been exposed. Making sure that this is not creating new risks means that securing APIs is an essential aspect of API m... read more

security integration api management api security owasp top 10

Security DZone Security November 17, 2021, 21:46

In today's digital world, everywhere and at all times, two parties exchange information, and day by day, it is growing exponentially. The exchange of data across systems is critical as they are vulnerable to attacks by external entities. As the... read more

security ssl certificate cryptography tls openssl certificate authority x509 certificates public key encryption ssl handshake pki authentication