DNSSEC, short for Domain Name System Security Extensions, is a set of protocols that aim to secure the domain name system (DNS) against various security threats such as spoofing, cache poisoning, and eavesdropping. DNSSEC is designed to protect the authenticity and...
The Evolution of Cloud-Native Authorization
Authentication in the Age of SaaS and Cloud: Let's start with the differences between authentication and authorization. People tend to lump these concepts together as auth, but they're two distinct processes. Authentication describes the process of finding out that you...
Remote Debugging Dangers and Pitfalls
This is the last part of the debugging series. To learn the rest, you’ll need to get the book “Practical Debugging at Scale: Cloud Native Debugging in Kubernetes and Production” or the course. One of the most frequently asked questions I receive is: can we do these...
The Data Leakage Nightmare in AI
Nowadays, we think of artificial intelligence as the solution to many problems and as a tool that can help humanity achieve huge things faster and with less effort. Of course, those thoughts are not far from being true, but it is really important to be aware of the...
Essential Protocols for Python Developers to Prevent SQL Injection Attacks
You are going to encounter a number of issues as a Python developer. Mastering the syntax of coding isn’t enough to write functioning, stable applications. You also have to familiarize yourself with different challenges the final application might deal with, including...
Should You Create Your Own E-Signature API?
Is it worth coding your own e-signature API, or is purchasing a ready-made solution a better option? Electronic signatures have become a popular way to verify one’s identity without signing printed forms. They have many benefits over written signatures, such as higher...
How I Discovered My Security Practices Are Pretty Bad
I have a confession to make. As a software developer, I never thought much about security. It was about as important to me as the daily weather on Pluto. Admittedly, my work was mostly deployed in lab environments, but I never did much to look for CVEs, attack paths,...
Jobs in Information Security (InfoSec)
Almost all of the people who respond to my #CyberMentoringMonday tweets each week say that they want to “get into InfoSec” or “become a Penetration Tester;” they rarely choose any other jobs or are more specific than that. I believe the reason for this is that they...
Compliance Automated Standard Solution (COMPASS), Part 4: Topologies of Compliance Policy Administration Centers
In the last post of this multi-part series, we introduced methodologies and technologies for the various compliance personas to collaboratively author compliance artifacts such as regulation catalogs, baselines, profiles, system security plans, etc. These artifacts...
What Is a SOC and How Do SOC Teams Work?
With the growing complexity of IT environments, it is essential to have robust security processes that can safeguard IT environments from cyber threats. This blog will explore how security operation centers (SOCs) help you monitor, identify and prevent cyber and...
Surviving the Incident – DZone
This is an article from DZone's 2022 Enterprise Application Security Trend Report. For more: Read the Report. A wave of cyber incidents in recent years, such as the SolarWinds supply chain attack, Accellion data breach, Exchange Server, and Log4j vulnerabilities, have...