Security matters! Learn how to configure Vaadin and Spring Security to use OAuth2 with Keycloak on Foojay.io Today!
Unsafe Deserialization Vulnerability in SnakeYaml (CVE-2022-1471)
The org.yaml:snakeyaml package is widely used in the Java ecosystem, in part because it is packaged by default in the spring-boot-starter.
Foojay Podcast #7: Security in Java, what do we need to know and how to keep our applications secure?
We invited Java security experts to dive into the fascinating world of secure coding and detecting vulnerabilities in your Java applications!
Internal Security: Hardening Internal Systems
Security is at odds with productivity and team cohesion. It doesn’t have to be. There’s a balance that mitigates external and internal risk.
Reviewing CVE-2022-42889: Arbitrary Code Execution Vulnerability in Apache Commons Text (Text4Shell)
Resolve this issue by upgrading to commons-text version 1.10 (or later), which disables the prefixes URL, DNS, and script by default.
Moving Security into the JVM
With Azul Vulnerability Detection, running the software and getting security insight become the same action.
How to Use Java DTOs to Stay Secure
How DTOs are used in modern Java applications, ways your application can benefit, and how Java DTOs can help you be more secure by preventing accidental data leaks.
Best Practices for Managing Java Dependencies
Knowing how to select, update, and remove Java dependencies from our application is essential for security.
Controlling your Server with a Reverse Shell Attack
The last thing you need for your happily deployed application is someone to take over your system and fully control it!
Learning by Auditing Kubernetes Manifests
Find out about Checkov, which scans cloud infrastructure configurations to find misconfigurations before they’re deployed.
Exploring CVE-2022-33980: The Apache Commons Configuration RCE Vulnerability
Before we dive into the details of this vulnerability, we want to make it clear that there’s no need for panic!