Last month, I published a Foojay article about the risks in systems that are stuck on old or outdated Java versions and got a lot of feedback from developers. Most of them want to move on but get stuck on …
-
Prevent LDAP injection in Java with SpringBoot
In this article, we dive into the basics of LDAP (Lightweight Directory Access Protocol)—a powerful protocol used to manage directory information like user authentication, authorization, and centralized account management in IT systems. 🌐👨💻
We also explore LDAP Injection, a common security vulnerability 🛡️ where attackers manipulate LDAP queries to:
⚠️ Bypass authentication
⚠️ Access unauthorized data
⚠️ Modify directory entries
Learn how these attacks work, the risks they pose, and, most importantly, how to protect your systems with secure coding practices like input sanitization and parameterized queries. ✅💻
Whether you’re an IT professional, developer, or just curious about cybersecurity, this article is your crash course on LDAP and LDAP Injection! 🚀✨
-
Foojay Podcast #58: How Java Developers Can Secure Their Code
Three years after Log4Shell caused a significant security issue, we still struggle with insecure dependencies and injection problems. In this podcast, we’ll discuss how developers can secure their code. I talked with three authors who posted a security and code …
-
The Persistent Threat: Why Major Vulnerabilities Like Log4Shell and Spring4Shell Remain Significant
This article was originally published at Snyk.io As developers, we’re constantly juggling features, fixes, and deadlines. Yet, a lurking issue has been surprisingly overlooked: the continued use of vulnerable Log4j and Spring Framework versions in many projects. Despite the high-profile …
-
Java: Where the Wild Code Isn’t
In the last several years, the OpenJDK community has made Java significantly safer for users and developers while at the same time making it easier to design, build, and run applications quickly.
Java users should incorporate several practices to take full benefit from the defenses of the modern JRE.
-
Top Security Flaws Hiding In Your Code Right Now: And How To Fix Them
Let’s examine the three most common injection attack types—SQL injection, Deserialization Injection, and Logging Injection—and discuss ways to prevent them.
-
Four Easy Ways to Analyze your Java and Kotlin Code for Security Problems
Nowadays, the security of your applications is just as important as the functionality they provide.
-
IBM Semeru Runtimes for Java includes FIPS 140-3 certified cryptography
IBM Semeru Runtimes for Java 11+ includes FIPS 140-3 cryptography certified by the U.S. National Institute of Standards and Technology (NIST).
-
Unsupported OpenJDK Distributions are at Risk of Non-Compliance with DORA
Read the only logical conclusion that can be drawn from DORA in the context of OpenJDK, assuming that it has meaning and intent for OpenJDK or any other ICT asset exposed to the risk that DORA seeks to mitigate.
-
Connecting Resilience to Performance in Relation to OpenJDK
Given the requirements of the DORA Act, which mandates strong operational resilience for financial institutions in the EU, leveraging a JVM like Azul Platform Prime can help ensure compliance and protect critical financial operations from ICT-related disruptions.
-
Are Critical Vulnerabilities Lurking in Your Java Ecosystem?
According to the Datadog “State of DevSecOps” report, a staggering 90% of Java services are susceptible to one or more critical or high-severity vulnerabilities