Last week, we listed 16 practices to help secure one’s APIs and described how to implement them with Apache APISIX. Authentication: Verifies the identity of users accessing APIs. Authorization: Determines permissions of authenticated users. Data Redaction: Obscures sensitive data for…
Category: DZone Security Zone
Guarding the Gates of GenAI: Security Challenges in AI Evolution
Generative AI (GenAI) represents a significant leap in artificial intelligence, enabling the creation of novel and realistic data, from text and audio to images and code. While this innovation holds immense potential, it also raises critical concerns regarding data security…
Integrating Software Supply Chains and DevOps: Tips for Effectively Reconciling Supply Chain Management and DevOps
Editor’s Note: The following is an article written for and published in DZone’s 2024 Trend Report, The Modern DevOps Lifecycle: Shifting CI/CD and Application Architectures. Software supply chains (SSCs) have become a prevalent topic in the software development world, and for…
Maximizing Feedback for Developers With Continuous Testing
Developers need feedback on their work so that they know whether their code is helping the business. They should have “multiple feedback loops to ensure that high-quality software gets delivered to users”[1]. Development teams also need to review their feedback…
Securing and Monitoring Your Data Pipeline: Best Practices for Kafka, AWS RDS, Lambda, and API Gateway Integration
There are several steps involved in implementing a data pipeline that integrates Apache Kafka with AWS RDS and uses AWS Lambda and API Gateway to feed data into a web application. Here is a high-level overview of how to architect this…
The Role of Penetration Testing in Strengthening Cyber Defenses
Digital security has become a significant worry for organizations of different sizes in today’s fast-paced world. With the rate at which digital threats continue to develop, enhancing security measures is very important to protect vulnerable data and infrastructure. This defense…
Top 5 Common Cybersecurity Attacks MSPs Should Know in 2024
As Managed Service Providers (MSPs) continue to play a crucial role in managing IT services for businesses, understanding the landscape of cybersecurity threats becomes paramount. The year 2024 is no exception, with cybercriminals employing more sophisticated methods to breach defenses.…
Critical Infrastructure Protection in the Age of Cyber Threats
Critical Infrastructure Protection is the need to safeguard a nation/region’s important infrastructures, such as food, agriculture, or transportation. Critical infrastructures include transportation systems, power grids, and communication systems. Critical infrastructure protection is important to communities because any damage to these…
An Approach To Synthetic Transactions With Spring Microservices: Validating Features and Upgrades
In fintech application mobile apps or the web, deploying new features in areas like loan applications requires careful validation. Traditional testing with real user data, especially personally identifiable information (PII), presents significant challenges. Synthetic transactions offer a solution, enabling the…
Explore Salesforce OAuth Authorization Flows and Its Use Cases
Have you authorized an application to access Salesforce without giving your credentials to that application? Then, you must have used a Salesforce OAuth authorization flow. OAuth is a standard for authorization. Salesforce uses several OAuth flows, and all these flows…