Securing LLM Applications: Beyond the New OWASP LLM Top 10

Have you heard of the new OWASP Top 10 for Large Language Model (LLM) Applications? If not, you’re not alone. OWASP is famous for its “Top 10” lists addressing security pitfalls in web and mobile apps, but few realize they’ve recently released a dedicated list for LLM-based systems. With AI chatbots, text generators, and agentic

OWASP Top 10 Non-Human Identity Risks for 2025: What You Need to Know

The Open Worldwide Application Security Project, OWASP, has just released its top 10 non-human identity (NHI) risks for 2025. While other OWASP resources broadly address application and API security, none focus specifically on the unique challenges of NHIs. This new document fills that gap, addressing risks that are often overlooked but have critical implications for organizational

A Practical Guide to API Threat Analytics in Cloud Platforms

Any modern application is centered around APIs. They drive mobile applications, link business systems, and deliver new digital experiences. However, the convenience has its own risks — attackers often use APIs to break into systems. Basic security steps like authentication and rate limits are no longer enough. Attackers now use stolen credentials, automated scripts, and

Blockchain-Based Authentication: The Future of Secure Identity Verification

Traditional authentication methods — passwords, centralized databases, and third-party identity providers — are plagued by security breaches, identity theft, and data privacy concerns. Blockchain-based authentication offers a decentralized, tamper-proof, and more secure alternative. In this deep dive, we’ll explore:

Secure Your Spring Boot Apps Using Keycloak and OIDC

In this blog, we will take a closer look at Spring Security, specifically in combination with Keycloak using OpenID Connect, all supported with examples and unit tests. Enjoy! Introduction: Many applications are supported by means of authentication and authorization. However, it is also something software developers find difficult to grasp. In this blog, Spring Security

Cloud Automation Excellence: Terraform, Ansible, and Nomad for Enterprise Architecture

Enterprise cloud architecture demands sophisticated orchestration of infrastructure, configuration, and workload management across diverse computing platforms. The traditional approach of manual provisioning and siloed tool adoption has become a bottleneck for organizations seeking cloud-native agility while maintaining operational excellence. This article explores the strategic integration of three complementary automation technologies: Terraform for infrastructure provisioning, Ansible

Container Security Essentials: From Images to Runtime Protection

Container security is all about making sure you run an image that is exceptionally low in vulnerabilities and malware. I would love to say having zero vulnerabilities, but that is rarely possible in the real world. In the worst case, you at least want to address critical to medium vulnerabilities to have a good night’s

Why Zero Trust Is Not a Product but a Strategy You Can’t Ignore in 2025

“We recently purchased a Zero Trust solution.” A statement like that makes even the most seasoned security experts cringe. Zero Trust is a ubiquitous notion in 2025, appearing in product packaging, seminars, and sales presentations. However, the fundamental idea is still gravely misinterpreted. There is no such thing as buying Zero Trust. It’s a way