We’ve normalized multi-factor authentication (MFA) for human users. In any secure environment, we expect login workflows to require more than just a password — something you know, something you have, and sometimes something you are. This layered approach is now…
Category: DZone Security Zone
How AI and Machine Learning Are Shaping the Fight Against Ransomware
Ransomware remains one of the biggest threats to individuals and corporations, primarily because cybercriminals relentlessly look for loopholes. With traditional measures struggling to keep pace with cyber threats, the shift to artificial intelligence (AI) and machine learning (ML) can be…
Enhancing AI Privacy: Federated Learning and Differential Privacy in Machine Learning
Privacy-preserving techniques are keeping your data safe in the age of AI. In particular, federated learning (FL) keeps data local, while differential privacy (DP) strengthens individual privacy. In this article, we will discuss challenges associated with this, practical tools, and…
Security Concerns in Open GPTs: Emerging Threats, Vulnerabilities, and Mitigation Strategies
With the increasing use of Open GPTs in industries such as finance, healthcare, and software development, security concerns are growing. Unlike proprietary models, open-source GPTs allow greater customization but also expose organizations to various security vulnerabilities. This analysis explores real-world…
Securing LLM Applications: Beyond the New OWASP LLM Top 10
Have you heard of the new OWASP Top 10 for Large Language Model (LLM) Applications? If not, you’re not alone. OWASP is famous for its “Top 10” lists addressing security pitfalls in web and mobile apps, but few realize they’ve…
OWASP Top 10 Non-Human Identity Risks for 2025: What You Need to Know
The Open Worldwide Application Security Project, OWASP, has just released its top 10 non-human identity risks for 2025. While other OWASP resources broadly address application and API security, none focus specifically on the unique challenges of NHIs. This new document…
A Practical Guide to API Threat Analytics in Cloud Platforms
Any modern application is centered around APIs. They drive mobile applications, link business systems, and deliver new digital experiences. However, the convenience has its own risks — attackers often use APIs to break into systems. Basic security steps like authentication…
Blockchain-Based Authentication: The Future of Secure Identity Verification
Traditional authentication methods — passwords, centralized databases, and third-party identity providers — are plagued by security breaches, identity theft, and data privacy concerns. Blockchain-based authentication offers a decentralized, tamper-proof, and more secure alternative. In this deep dive, we’ll explore:…
Probably Secure: A Look at the Security Concerns of Deterministic vs Probabilistic Systems
Would you rather have determined that you are in fact secure, or are you willing to accept that you are “probably” doing things securely? This might seem like a silly question on the surface; after all, audits don’t work on…
Secure Your Spring Boot Apps Using Keycloak and OIDC
In this blog, we will take a closer look at Spring Security, specifically in combination with Keycloak using OpenID Connect, all supported with examples and unit tests. Enjoy! Introduction Many applications are supported by means of authentication and authorization. However,…