Security • DZone Security • May 25, 2022, 15:24
While website owners consider scalability and high performance to be supreme, the changing threat landscape requires security to be an equally crucial consideration. The first step to securing a vulnerable website is to identify application vulnerabi...
technical articles
Security • DZone Security • May 6, 2022, 15:11
Bob, the software architect, and Alice, the SecDevOps engineer, are part of a growing software development start-up company. Here is the conversation between them on developing a new set of microservices. Bob: Did you hear the announcement? The client...
devsecops
Security • DZone Security • April 30, 2022, 23:51
This week, we have an article on 7 reasons why API security strategies are failing, details on the recent keynote by Werner Vogels at AWS re:Invent on 6 rules for good API design, an article by Cisco on API discovery, and a review of some of the bigg...
aws api security inventory api vulnerabilities api strategy breaches
DevOps • DZone DevOps • April 29, 2022, 14:06
Vulnerabilities produce enormous reputational and financial risks. As a result, many companies are fascinated by security and desire to build a secure development life cycle (SSDLC). So, today we're going to discuss SAST — one of the SSDLC components...
security devops devsecops static analysis sdlc sast vulnerabilites developing ssdlc
Security • DZone Security • April 19, 2022, 18:45
So, do you think your APIs are secure? You might want to take another look at your security.
security cybersecurity api management api security api gateway api strategy owasp top 10 web application firewall api first
Security • DZone Security • April 15, 2022, 21:50
This week, we have details of compromised Google Cloud accounts being used to mine cryptocurrency (mainly with weak or no passwords on API connections), there’s an article on how GraphQL can be used as an API gateway (including security controls), a...
training api security graphql api gcp cloud appsec best practices api tooling api tools
Security • DZone Security • April 15, 2022, 1:43
APIs are the connective tissue of scalable websites — fundamental to functioning in today’s digital world. But much like the physical world, weaknesses in connections and associated protocols can result in significant, sometimes existential, trouble...
integration apis api security api adoption
Security • DZone Security • March 31, 2022, 21:56
This week, we have a vulnerability in the AWS API gateway that allows a potential cache-poisoning attack, disclosed at the recent BlackHat Europe conference, a guide on how to harden Kubernetes API access, a report from Forbes on the need to take API...
api security aws api gateway owasp top 10 api security news kubernetes api
Development • The GitHub Blog • March 21, 2022, 17:41
If there's one habit that can make software more secure, it's probably input validation. Here's how to apply OWASP Proactive Control C5 (Validate All Inputs) to your code.
Community Security GitHub Security Lab OWASP Top 10 Proactive Controls
Security • DZone Security • March 15, 2022, 15:30
An Application Programming Interface (API) is a set of protocols that allow software components to interact. The intermediary interface is commonly used for streamlining development by enabling software teams to reuse code. APIs also abstract functio...
security cybersecurity api security broken api broken authentication
Security • DZone Security • February 21, 2022, 14:06
Introduction The Secure Software Design Lifecycle (SSDL) is the infusion of security with each step of software design, from architecture to end of life. By doing so we protect our customers from threats and reduce our risk and attack surface. There...
security sdlc security best practices secure sdlc secure development secure software software lifecycle ssdlc
Development • The GitHub Blog • February 17, 2022, 18:00
Today we launched new code scanning analysis features powered by machine learning. The experimental analysis finds more of the most common types of vulnerabilities.
Product Security code scanning CodeQL machine learning
Security • DZone Security • February 17, 2022, 9:37
A cybersecurity incident can cause severe damage to the reputation of the organization and competitive disadvantage in the market, the imposition of penalties, and unwanted legal issues by end-users. On average, the cost of each data breach is USD 3...
security devops microservices docker containers cloudnative
Development • The GitHub Blog • February 16, 2022, 17:38
Practical tips on how to apply OWASP Top 10 Proactive Control C4.
Community Security GitHub Security Lab OWASP Top 10 Proactive Controls
Security • DZone Security • February 11, 2022, 15:31
How can simple XML files processing turn into a security weakness? How can a blog deployed on your machine cause a data leak? Today we'll find answers to these questions, learn what XXE is and what it looks like. Before we begin, note that there are...
.net security tutorial xml c# code quality xxe
Development • The Cloudflare Blog • January 26, 2022, 13:59
More than 50% of all traffic processed by Cloudflare is API-based, and it’s growing twice as fast as traditional web traffic. This huge growth is driven by a few industries, and it calls for the development of dedicated security solutions.
Cloudflare Radar API API Shield Security
Security • DZone Security • January 25, 2022, 9:26
The full form of OWASP is the Open Web Application Security Project. It is a non-profit group that helps a variety of organizations to develop, purchase, and maintain software applications that can be trusted. The educated developers, designers, arch...
cyber security
Development • DZone Web Dev • January 16, 2022, 15:28
Let's take a look at the list of information sources that can be useful for C# / .NET developers. Our list includes blogs, repositories with source code, standards and accounts of developers who cover the deep aspects of C# and .NET. Blogs ...
.net dotnet web dev c# csharp
Development • dou.ua • January 12, 2022, 10:00
This collection of questions that candidates of various levels are asked in technical interviews for a QA position was put together jointly by practitioners. The list is only a guide. We advise candidates to skim through the questions and note unfamiliar words, google them, and at the same time...
Security • DZone Security • January 6, 2022, 14:38
The number of web applications and APIs exposed to the internet is growing exponentially. Unsecure web applications and APIs are low-hanging fruit that attackers are targeting to steal sensitive data. In a recent report “State of the Web Security fo...
api security web application security cybersecuity web application firewall web app security