Brian Vermeer42 articles

Java Champions & Developer Advocate and Software Engineer for Snyk.

Passionate about Java, (Pure) Functional Programming, and Cybersecurity. Co-leading the Virtual JUG, NLJUG and DevSecCon community.

Brian is also an Oracle Groundbreaker Ambassador and regular international speaker on mostly Java-related conferences.

Latest post Using JLink to create smaller Docker images for your Spring Boot Java application

An in-depth exploration of utilizing JLink to optimize Docker image sizes, enhancing application security and performance.

Brian Vermeer

September 21, 2023

SnakeYaml 2.0: Solving the unsafe deserialization vulnerability

In December of last year, we reported CVE-2022-1471 to you. This unsafe deserialization problem could easily lead to arbitrary code execution.
Brian Vermeer

July 20, 2023
Security
Snyk
Tools
Preventing Cross-Site Scripting (XSS) in Java applications with Snyk Code

By taking a proactive approach to XSS prevention and using the right resources and tools, developers can help ensure the security and integrity of their Java web applications.
Brian Vermeer

June 09, 2023
Security
Snyk
Mitigating Path Traversal Vulnerabilities in Java

Path traversal vulnerabilities are a serious threat to Java web applications, amongst the top security issues Snyk finds in Java code.
Brian Vermeer

March 24, 2023
Security
Snyk
How to Create SBOMs in Java with Maven and Gradle

Java is a compiled language, so you should create an SBOM whenever you build a release version of your application. Find out more here!
Brian Vermeer

March 17, 2023
DevOps
Security
Snyk
Unsafe Deserialization Vulnerability in SnakeYaml (CVE-2022-1471)

org.yaml:snakeyaml package is widely used in the Java ecosystem, in part because it is packaged by default in the spring-boot-starter.
Brian Vermeer

January 12, 2023
Security
Foojay Podcast #7: Security in Java, what do we need to know and how to keep our applications secure?

We invited Java security experts to dive into the fascinating world of secure coding and detecting vulnerabilities in your Java applications!
Brian Vermeer,

Erik Costlow,

Frank Delporte

November 21, 2022
Developer Tools
DevOps
Foojay
Java Core
Podcast
Security
Reviewing CVE-2022-42889: Arbitrary Code Execution Vulnerability in Apache Commons Text (Text4Shell)

Resolve this issue by upgrading to commons-text version 1.10 (or later), which disables the prefixes URL, DNS, and script by default.
Brian Vermeer

November 03, 2022
Security
How to Use Java DTOs to Stay Secure

How DTOs are used in modern Java applications, ways your application can benefit, and how Java DTOs can help you be more secure by preventing accidental data leaks.
Brian Vermeer

October 21, 2022
Java Core
Security
Best Practices for Managing Java Dependencies

Knowing how to select, update, and remove Java dependencies from our application is essential for security.
Brian Vermeer

September 15, 2022
DevOps
Security
Snyk
Tutorials
Controlling your Server with a Reverse Shell Attack

The last thing you need for your happily deployed application is someone to take over your system and fully control it!
Brian Vermeer

September 08, 2022
Security

1-11 of 42

Brian Vermeer42 articles

Set Event Reminder

Subscribe to foojay updates: