Software Security Treat or Threat? Leveraging SBOMs to Control Your Supply Chain Chaos [Infographic]

Editor’s Note: The following is an article written for and published in DZone’s 2025 Trend Report, Software Supply Chain Security: Enhancing Trust and Resilience Across the Software Development Lifecycle. Software supply chain security is on the rise as systems advance and hackers level up their tactics. Gone are the days of fragmented security checkpoints and analyzing

Data Mesh Security: How to Protect Decentralized Data Architectures

The rise of data mesh architectures redefines how modern organizations approach data security. Standard best practice has been to centralize data so that it can be collected, stored, and governed within monolithic systems such as data warehouses, which enabled centralized access control, governance, and auditability. The data mesh model, however, disrupts this

Designing Secure APIs: A Developer’s Guide to Authentication, Rate Limiting, and Data Validation

APIs have emerged as the cement of the contemporary application. They sit at the heart of data movement and system interaction, whether in mobile apps and web frontends or in microservices and third-party integrations. With this omnipresence, however, comes exposure. Malicious actors will usually start with APIs

Compliance Automated Standard Solution (COMPASS), Part 9: Taking OSCAL-Compass to Industry Complexity Level

(Note: A list of links for all articles in this series can be found at the conclusion of this article.) In parts 2 and 3 of this blog series, we introduced the open-source Trestle SDK, which implements the NIST Open Security Control Assessment Language (OSCAL) standard framework. We also covered Trestle’s agile authoring capabilities,

JWT Policy Enforcement, Rate Limiting, IP White Listing: Using Mulesoft, API Security, Cloudhub 2.0

This tutorial is all about implementing JWT Policy Enforcement in API Manager using a sample RAML-based project. It’s especially helpful when applying policies through the API Manager in the Anypoint Platform. Along the way, you’ll also learn how to secure a specific API endpoint using a third-party Auth Provider like Auth0. In this project, the

Why I Abandoned My 30-Year Open-Source Project

Note: A human wrote this article. Other than proofreading and sentence-level style suggestions, no AI was utilized. This is one of the last surviving members of its kind. Introduction: I started an open-source project in 1996 that I am abandoning now. It was not my first OSS project and certainly not the last one. It definitely

Scalable Distributed Architectures in E-Commerce: Proven Case Studies

Modern e-commerce platforms must handle massive scale – from flash sales driving sudden traffic spikes to global user bases demanding low-latency experiences. Achieving this reliability and performance at scale requires robust distributed architectures. In this article, I’ll share three case studies of scalable e-commerce architectures that I’ve analyzed and worked with, each leveraging a different

Why Developers Should Pay Attention to Internal Directory Security

Most developers don’t start their day thinking, “Is our internal directory secure?” They’ve got builds to run, bugs to squash, maybe a pull request or five to review. But internal directories (like Active Directory or Azure AD) aren’t just a concern for IT admins. They’re the nervous system of any organization with more than, say,