Brian Vermeer (44 articles)

Encryption is converting readable data, or plaintext, into unreadable data, or ciphertext, ensuring that even if encrypted data is intercepted, it remains inaccessible to unauthorized individuals.

Handling security vulnerabilities in Spring Boot
Keeping your dependencies in check is crucial to ensure that your Spring Boot projects run smoothly and remain resilient in the face of ever-evolving threats.

Using JLink to create smaller Docker images for your Spring Boot Java application
An in-depth exploration of using JLink to optimize Docker image sizes, enhancing application security and performance.

SnakeYaml 2.0: Solving the unsafe deserialization vulnerability
In December of last year, we reported CVE-2022-1471 to you. This unsafe deserialization problem could easily lead to arbitrary code execution.

Preventing Cross-Site Scripting (XSS) in Java applications with Snyk Code
By taking a proactive approach to XSS prevention and using the right resources and tools, developers can help ensure the security and integrity of their Java web applications.

Mitigating Path Traversal Vulnerabilities in Java
Path traversal vulnerabilities are a serious threat to Java web applications, and are among the top security issues Snyk finds in Java code.

How to Create SBOMs in Java with Maven and Gradle
Java is a compiled language, so you should create an SBOM whenever you build a release version of your application. Find out more here!

Unsafe Deserialization Vulnerability in SnakeYaml (CVE-2022-1471)
The org.yaml:snakeyaml package is widely used in the Java ecosystem, in part because it is packaged by default in the spring-boot-starter.
- Brian Vermeer

Foojay Podcast #7: Security in Java, what do we need to know and how to keep our applications secure?
We invited Java security experts to dive into the fascinating world of secure coding and detecting vulnerabilities in your Java applications!
- Brian Vermeer
- Erik Costlow
- Frank Delporte

Reviewing CVE-2022-42889: Arbitrary Code Execution Vulnerability in Apache Commons Text (Text4Shell)
Resolve this issue by upgrading to commons-text version 1.10 (or later), which disables the URL, DNS, and script prefixes by default.
- Brian Vermeer

How to Use Java DTOs to Stay Secure
How DTOs are used in modern Java applications, ways your application can benefit, and how Java DTOs can help you be more secure by preventing accidental data leaks.