Brian Vermeer39 articles

Java is a compiled language, so you should create an SBOM whenever you build a release version of your application. Find out more here!

org.yaml:snakeyaml package is widely used in the Java ecosystem, in part because it is packaged by default in the spring-boot-starter.

We invited Java security experts to dive into the fascinating world of secure coding and detecting vulnerabilities in your Java applications!

Resolve this issue by upgrading to commons-text version 1.10 (or later), which disables the prefixes URL, DNS, and script by default.

How DTOs are used in modern Java applications, ways your application can benefit, and how Java DTOs can help you be more secure by preventing accidental data leaks.

Knowing how to select, update, and remove Java dependencies from our application is essential for security.

The last thing you need for your happily deployed application is someone to take over your system and fully control it!

Before we dive into the details of this vulnerability, we want to make it clear that there’s no need for panic!

Learn how to integrate Snyk into your GitHub CI/CD to automate security scanning as part of your build cycle prior to production.

Deserialization vulnerabilities work natively in Java and how attack chains are created. This problem is also not restricted to Java’s custom serialization framework. When deserializing JSON, XML, or YAML, similar issues can occur as well. This talk shows some pointers on how to mitigate these problems in your own applications.