Leveraging AI-Based Authentication Factors in Modern Identity and Access Management Solutions

It is not an understatement that identity is the new perimeter. With cyberattacks on the rise across industries, from finance and governments to healthcare, the protection of user identities has become more crucial than ever before. Taking a look at some of the traditional authentication methods — passwords, PINs, security tokens, and basic biometrics — there

Why Encryption Alone Is Not Enough in Cloud Security

It is often assumed that encryption is the gold standard method for securing assets in the cloud. Cloud providers give assurances that all their services are “encrypted by default.” Several regulatory and cloud compliance policies mandate that organizations encrypt data at rest, in use, and in transit. All of this should make cloud environments secure,

The Rise of Diskless Kafka: Rethinking Brokers, Storage, and the Kafka Protocol

Apache Kafka has come a long way from being just a scalable data ingestion layer for data lakes. Today, it is the backbone of real-time transactional applications. In many organizations, Kafka serves as the central nervous system connecting both operational and analytical workloads. Over time, its architecture has shifted significantly — from brokers managing all

Beyond Extensions: Architectural Deep-Dives into File Upload Security

Allowing users to upload files is a staple of modern web applications, from profile pictures to enterprise document management. However, for a security engineer or backend developer, an upload field is essentially an open invitation for an attacker to place an arbitrary binary on your filesystem. When validation fails, the consequences range from localized data

From Code to Runtime: How AI Is Bridging the SAST–DAST Gap

Let’s start with two pillars that modern application security teams rely on: Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST). SAST is a method in which source code is analyzed early in the application development lifecycle to identify potential vulnerabilities. On the other hand, DAST is used to test running applications to

Secure Log Tokenization Using Aho–Corasick and Spring

Modern microservices, payment engines, and event-driven systems are generating massive volumes of logs every second. These logs are critical for debugging, monitoring, observability, and compliance audits. But there is an increasing and hazardous problem: Sensitive data — things like credit card numbers, email addresses, phone numbers, SSNs, API keys, and session tokens — often accidentally

The Hidden Security Risks in ETL/ELT Pipelines for LLM-Enabled Organizations

As organizations integrate large language models (LLMs) into analytics, automation, and internal tools, a subtle yet serious shift is occurring within their data platforms. ETL and ELT pipelines that were originally designed for reporting and aggregation are now feeding models with logs, tickets, emails, documents, and other free-text inputs. These pipelines were never built with

BYOLM with Spring AI & MCP: Secure, Swappable AI Everywhere

Introduction

Artificial intelligence has rapidly moved from research labs into everyday tools. Yet, most users remain locked into vendor‑controlled ecosystems, where the choice of language model (LM) is dictated by the provider. This creates friction for developers, educators, and organizations who want flexibility, privacy, and control. The Bring Your Own Language Model (BYOLM) paradigm challenges

Securing Verifiable Credentials With DPoP: A Spring Boot Implementation

In my previous article, I demonstrated how to implement OIDC4VCI (credential issuance) and OIDC4VP (credential presentation) using Spring Boot and an Android wallet. This follow-up focuses on a critical security enhancement now mandated by EUDI standards: DPoP (Demonstrating Proof-of-Possession).

The Problem With Bearer Tokens

Traditional Bearer tokens have an inherent weakness: anyone who obtains the

Cloud to Local Copilots: A Hybrid Path to Privacy and Control

Software usage patterns have always evolved alongside hardware capabilities. In recent years, with the rise of GPUs and cloud-based AI copilots such as GitHub Copilot, this evolution has accelerated — offering developers real-time code suggestions, documentation support, and automated testing at scale. However, concerns around personal data privacy, the cost of copilot usage, and the