Brian Vermeer42 articles
An in-depth exploration of utilizing JLink to optimize Docker image sizes, enhancing application security and performance.
-
SnakeYaml 2.0: Solving the unsafe deserialization vulnerability
In December of last year, we reported CVE-2022-1471 to you. This unsafe deserialization problem could easily lead to arbitrary code execution.
-
Preventing Cross-Site Scripting (XSS) in Java applications with Snyk Code
By taking a proactive approach to XSS prevention and using the right resources and tools, developers can help ensure the security and integrity of their Java web applications.
-
Mitigating Path Traversal Vulnerabilities in Java
Path traversal vulnerabilities are a serious threat to Java web applications, amongst the top security issues Snyk finds in Java code.
-
How to Create SBOMs in Java with Maven and Gradle
Java is a compiled language, so you should create an SBOM whenever you build a release version of your application. Find out more here!
-
Unsafe Deserialization Vulnerability in SnakeYaml (CVE-2022-1471)
org.yaml:snakeyaml package is widely used in the Java ecosystem, in part because it is packaged by default in the spring-boot-starter.
- Brian Vermeer
-
Foojay Podcast #7: Security in Java, what do we need to know and how to keep our applications secure?
We invited Java security experts to dive into the fascinating world of secure coding and detecting vulnerabilities in your Java applications!
- Brian Vermeer,
- Erik Costlow,
- Frank Delporte
-
Reviewing CVE-2022-42889: Arbitrary Code Execution Vulnerability in Apache Commons Text (Text4Shell)
Resolve this issue by upgrading to commons-text version 1.10 (or later), which disables the prefixes URL, DNS, and script by default.
- Brian Vermeer
-
How to Use Java DTOs to Stay Secure
How DTOs are used in modern Java applications, ways your application can benefit, and how Java DTOs can help you be more secure by preventing accidental data leaks.
-
Best Practices for Managing Java Dependencies
Knowing how to select, update, and remove Java dependencies from our application is essential for security.
-
Controlling your Server with a Reverse Shell Attack
The last thing you need for your happily deployed application is someone to take over your system and fully control it!
- Brian Vermeer