Have you ever wanted to deploy a Java Serverless function, but package it with a Docker Image? That is possible now with AWS new Container …
-
Prevent LDAP injection in Java with SpringBoot
In this article, we dive into the basics of LDAP (Lightweight Directory Access Protocol)—a powerful protocol used to manage directory information like user authentication, authorization, and centralized account management in IT systems. 🌐👨💻
We also explore LDAP Injection, a common security vulnerability 🛡️ where attackers manipulate LDAP queries to:
⚠️ Bypass authentication
⚠️ Access unauthorized data
⚠️ Modify directory entries
Learn how these attacks work, the risks they pose, and, most importantly, how to protect your systems with secure coding practices like input sanitization and parameterized queries. ✅💻
Whether you’re an IT professional, developer, or just curious about cybersecurity, this article is your crash course on LDAP and LDAP Injection! 🚀✨
-
Effortless updates require a zero-migration policy
In today’s production environments, it is not only expected, but critical to …
-
Foojay Podcast #58: How Java Developers Can Secure Their Code
Guests: Jonathan Vila, Brian Vermeer, Erik Costlow. Three years after Log4Shell caused a significant security issue, we still struggle with insecure dependencies and injection problems. In this podcast, we’ll discuss how developers can secure their code. I talked …
-
Health Check Response Format for HTTP APIs
I’m continuing my journey on getting more familiar with HTTP APIs by reading related RFCs.
-
DRY your Apache APISIX config
DRY is an important principle in software development. In this article, you learn how to apply it to Apache APISIX configuration.
-
Implementing the Idempotency-Key specification on Apache APISIX
A simple implementation of the Idempotency-Key header specification on Apache APISIX via a plugin.
-
When (not) to write an Apache APISIX plugin
Practical alternatives to writing a custom plugin, offering solutions you can quickly implement in your projects.
-
Creating cloud-native Java applications with the 12-factor app methodology
Learn how you could create cloud-native Java apps that are portable, scalable, and reliable with the 12 factor app methodology.
-
OpenTelemetry Tracing on Spring Boot, Java Agent vs. Micrometer Tracing
Let’s compare three different ways to do OpenTelemetry Tracing: Java agent v1, Java agent v2, and Micrometer Tracing.
-
Are Critical Vulnerabilities Lurking in Your Java Ecosystem?
According to the Datadog “State of DevSecOps” report, a staggering 90% of Java services are susceptible to one or more critical or high-severity vulnerabilities