Author: Brian Vermeer

Brian Vermeer

Java Champions & Developer Advocate and Software Engineer for Snyk. Passionate about Java, (Pure) Functional Programming, and Cybersecurity. Co-leading the Virtual JUG, NLJUG and DevSecCon community. Brian is also an Oracle Groundbreaker Ambassador and regular international speaker on mostly Java-related conferences.

  • Java Logging: What To Log & What Not To Log?

    Logs are a handy tool to spot mistakes and debug code. For engineers and, specifically, in a DevOps environment, the logs are a very valuable tool.

    In this article, I am going to guide you through a pragmatic approach to Java logging—what should we log, what shouldn’t we log, and how to implement Java logging properly.

    Brian Vermeer
    Read more
  • Log4Shell: Critical Log4j RCE Vulnerabilty – Update to Version 2.15.0

    On Dec.10, 2021, a new, critical Log4j vulnerability was disclosed: Log4Shell. This vulnerability within the popular Java logging framework was published as CVE-2021-44228 and categorized as Critical with a CVSS score of 10, which is the highest score possible. The vulnerability was discovered by Chen Zhaojun …

    Brian Vermeer
    Read more
  • New Java 17 Features for Improved Security and Serialization

    In December 2020, I wrote the article Serialization and deserialization in Java: explaining the Java deserialize vulnerability about the problems Java has with its custom serialization implementation. The serialization framework is so deeply embedded inside Java that knowing how dangerous some implementation …

    Brian Vermeer
    Read more
  • How Social Trends Help Me Fix Essential Vulnerabilities

    Our research team found a strong correlation between socially trending vulnerabilities and the existence of exploits that can actually harm your application.

    Brian Vermeer
    Read more
  • Discussion: State of Java 2021

    A discussion with some great folks in the Java world about the highlights of the Snyk Java Ecosystem report and current developments in Java.

    Brian Vermeer
    Read more
  • Why You Should Upgrade to Maven Version 3.8.1 Today or Very Soon

    If you are working in the Java ecosystem and building your applications with an older Maven version, this message is for you.

    Check your Maven version by typing mvn -version! If you are still running on an old Maven version like 3.6.3 or below you definitely need to upgrade to version 3.8.1 because of security reasons.

    Be aware that to run Maven 3.8.1, Java 7+ is required.

    Brian Vermeer
    Read more
  • Getting Started with Snyk for Secure Java Development

    If you’re a Java developer who wants to develop your applications more securely, you’ve come to the right place. Snyk can help you with that mission.

    This article explains how to begin with Snyk for secure Java development so you can be more secure from the get-go.

    Brian Vermeer
    Read more
  • New JVM Ecosystem Report 2021 Has Arrived!

    Snyk has just released the annual JVM ecosystem report! This report presents the results of the largest annual survey on the state of the JVM ecosystem.

    This year’s survey is a cooperation between Snyk and Azul and was slightly different from the previous surveys.

    We aimed for the survey to be more concise and focus only on the most important aspects of JVM developers today. Additionally, this year every participant was allowed to choose multiple options. We believe that the way the 2021 survey was designed, we have a better and more comprehensive view of the current JVM ecosystem. In this report, we also looked at different open data sources like GitHub and Google Trends to see how that data compares to the survey results.

    Brian Vermeer
    Read more
  • Java Encryption and Hashing

    If you need to store sensitive data in your system, you have to be sure that you have proper encryption in place.

    First of all, you need to decide what kind of encryption you need —for instance, symmetric or asymmetric.

    Also, you need to choose how secure it needs to be. Stronger encryption takes more time and consumes more CPU.

    The most important part is that you don’t need to implement the encryption algorithms yourself. Encryption is hard and a trusted library solves encryption for you.

    Brian Vermeer
    Read more
  • Sanitize All Input!

    Cross-site scripting (XSS) is a well-known issue and mostly utilized in JavaScript applications.

    However, Java is not immune to this. XSS is nothing more than an injection of JavaScript code that’s executed remotely.

    Rule #0 for preventing XSS, according to OWASP, is “Never insert untrusted data except in allowed locations.”

    The basic solution to this Java security risk is to prevent untrusted data, as much as possible, and sanitize everything else before using the data.

    Brian Vermeer
    Read more
  • Preventing YAML Parsing Vulnerabilities in Java

    YAML is a human-readable language to serialize data that’s commonly used for config files. The word YAML is an acronym for “YAML ain’t a markup language” and was first released in 2001. You can compare YAML to JSON or XML as all of them are text-based structured formats.

    YAML files are often used to configure applications, application servers, or clusters. It is a very common format in Spring Boot applications and, of course, to configure Kubernetes. However, similarly to JSON and XML, you can use YAML to serialize and deserialize data.

    Brian Vermeer
    Read more

Subscribe to foojay updates:

https://foojay.io/feed/
Copied to the clipboard