As we settle into 2025, legislation around AI and cybercrime is no longer a distant threat or vague aspiration. It’s here, real, and it’s already changing how companies must build, deploy, and secure intelligent systems. If you’re a developer, security …
-
Path Traversal Vulnerability in Deep Java Library (DJL) and Its Impact on Java AI Development
Deep Java Library (DJL) is an open source deep learning framework that brings AI capabilities to Java developers without requiring a shift to Python. It provides an intuitive, high-level API for building, training, and deploying machine learning models, supporting deep …
-
Creating SBOMs with the Snyk CLI
The software bill of materials (SBOM) is quickly becoming an essential aspect of open source security and compliance. In this post, we’ll delve into what SBOMs are, why they’re necessary, and their role in open source security. What are SBOMs? …
-
Code Reviews with AI: a Developer Guide
Code reviews are a cornerstone of software development. They’re where we share knowledge, catch bugs early, and ensure our code meets the highest standards. But let’s be honest… Traditional code reviews can be time-consuming and tedious and sometimes even miss …
-
Securing Vaadin Applications with Microsoft Entra
Many companies use Microsoft 365, so letting users log in with their Microsoft account is a good choice. This blog post shows how to secure your Vaadin applications using Microsoft Entra for authentication and authorization and explains how Karibu Testing …
-
Pseudorandom Number Generator – The Secret Behind Santa’s Gift Bag
On a snowy Christmas Eve, Santa sets off on his journey around the world, gliding through the night sky on his sleigh to deliver presents to children everywhere. It’s one of the busiest nights of the year for Santa, as …
-
Foojay Podcast #63: How do we keep our Java applications up to date and secure?
Last month, I published a Foojay article about the risks in systems that are stuck on old or outdated Java versions and got a lot of feedback from developers. Most of them want to move on but get stuck on …
-
Prevent LDAP injection in Java with SpringBoot
In this article, we dive into the basics of LDAP (Lightweight Directory Access Protocol)—a powerful protocol used to manage directory information like user authentication, authorization, and centralized account management in IT systems. 🌐👨‍💻
We also explore LDAP Injection, a common security vulnerability 🛡️ where attackers manipulate LDAP queries to:
⚠️ Bypass authentication
⚠️ Access unauthorized data
⚠️ Modify directory entries
Learn how these attacks work, the risks they pose, and, most importantly, how to protect your systems with secure coding practices like input sanitization and parameterized queries. ✅💻
Whether you’re an IT professional, developer, or just curious about cybersecurity, this article is your crash course on LDAP and LDAP Injection! 🚀✨
-
Foojay Podcast #58: How Java Developers Can Secure Their Code
Three years after Log4Shell caused a significant security issue, we still struggle with insecure dependencies and injection problems. In this podcast, we’ll discuss how developers can secure their code. I talked with three authors who posted a security and code …
-
The Persistent Threat: Why Major Vulnerabilities Like Log4Shell and Spring4Shell Remain Significant
This article was originally published at Snyk.io. As developers, we’re constantly juggling features, fixes, and deadlines. Yet, a lurking issue has been surprisingly overlooked: the continued use of vulnerable Log4j and Spring Framework versions in many projects. Despite the high-profile …
-
Java: Where the Wild Code Isn’t
In the last several years, the OpenJDK community has made Java significantly safer for users and developers while at the same time making it easier to design, build, and run applications quickly.
Java users should incorporate several practices to take full benefit from the defenses of the modern JRE.