Brian Vermeer (39 articles)
Path traversal vulnerabilities are a serious threat to Java web applications, amongst the top security issues Snyk finds in Java code.
-
How to Create SBOMs in Java with Maven and Gradle
Java is a compiled language, so you should create an SBOM whenever you build a release version of your application. Find out more here!
-
Unsafe Deserialization Vulnerability in SnakeYaml (CVE-2022-1471)
The org.yaml:snakeyaml package is widely used in the Java ecosystem, in part because it is packaged by default in the spring-boot-starter.
- Brian Vermeer
-
Foojay Podcast #7: Security in Java, what do we need to know and how to keep our applications secure?
We invited Java security experts to dive into the fascinating world of secure coding and detecting vulnerabilities in your Java applications!
- Brian Vermeer
- Erik Costlow
- Frank Delporte
-
Reviewing CVE-2022-42889: Arbitrary Code Execution Vulnerability in Apache Commons Text (Text4Shell)
Resolve this issue by upgrading to commons-text version 1.10 (or later), which disables the prefixes URL, DNS, and script by default.
- Brian Vermeer
-
How to Use Java DTOs to Stay Secure
How DTOs are used in modern Java applications, ways your application can benefit, and how Java DTOs can help you be more secure by preventing accidental data leaks.
-
Best Practices for Managing Java Dependencies
Knowing how to select, update, and remove Java dependencies from our application is essential for security.
-
Controlling your Server with a Reverse Shell Attack
The last thing you need for your happily deployed application is for someone to take over your system and fully control it!
- Brian Vermeer
-
Exploring CVE-2022-33980: The Apache Commons Configuration RCE Vulnerability
Before we dive into the details of this vulnerability, we want to make it clear that there’s no need for panic!
- Brian Vermeer
-
Building Secure CI/CD Pipelines with GitHub Actions for Your Java Application
Learn how to integrate Snyk into your GitHub CI/CD to automate security scanning as part of your build cycle prior to production.
- Brian Vermeer
-
Deserialization Exploits in Java: Why Should I Care?
This talk explains how deserialization vulnerabilities work natively in Java and how attack chains are created. The problem is not restricted to Java's custom serialization framework: similar issues can occur when deserializing JSON, XML, or YAML. The talk also gives pointers on how to mitigate these problems in your own applications.