Security120 articles

Table of Contents CVE-2025-0851 explainedAbsolute Path TraversalRemediation Deep Java Library (DJL) is an open source deep learning framework that brings AI capabilities to Java developers without requiring a shift to Python. It provides an intuitive, high-level API for building, training, …

Table of Contents What are SBOMs?Why do we need SBOMs?Creating SBOMs with the Snyk CLIInstalling the Snyk CLIGenerate SBOMs using the Snyk CLIMultiple projectsAutomating SBOM generation with the Snyk CLIAnalyzing SBOMsSnyk CLI SBOM TestSupplying up-to-date SBOMs with Snyk The software …

Table of Contents Code generated by AI code assistantsThe Traditional Code Review Struggle: Familiar Pain PointsAI to the Rescue: Enhancing Code Reviews Code reviews are a cornerstone of software development. They’re where we share knowledge, catch bugs early, and ensure …

Table of Contents Step 1: Create an Application in EntraCreate App RoleAssign UsersCreate Client SecretStep 2: Configure OAuth2 with Entra in our ApplicationAdd DependenciesConfigure the ApplicationEnable Entra SecurityConfigure Role PrefixRoles in ActionStep 3: Setup Karibu TestingSummary Many companies use Microsoft …

Table of Contents Random Numbers and Why They MatterRandom Number GeneratorsPseudorandom Number Generators in JavaConclusion On a snowy Christmas Eve, Santa sets off on his journey around the world, gliding through the night sky on his sleigh to deliver presents …

Table of Contents Last month, I published a Foojay article about the risks in systems that are stuck on old or outdated Java versions and got a lot of feedback from developers. Most of them want to move on but …

In this article, we dive into the basics of LDAP (Lightweight Directory Access Protocol)—a powerful protocol used to manage directory information like user authentication, authorization, and centralized account management in IT systems. 🌐👨‍💻

We also explore LDAP Injection, a common security vulnerability 🛡️ where attackers manipulate LDAP queries to:
⚠️ Bypass authentication
⚠️ Access unauthorized data
⚠️ Modify directory entries

Learn how these attacks work, the risks they pose, and, most importantly, how to protect your systems with secure coding practices like input sanitization and parameterized queries. ✅💻

Whether you’re an IT professional, developer, or just curious about cybersecurity, this article is your crash course on LDAP and LDAP Injection! 🚀✨

Table of Contents VideoPodcast (audio only)GuestsJonathan VilaBrian VermeerErik CostlowContent Three years after Log4Shell caused a significant security issue, we still struggle with insecure dependencies and injection problems. In this podcast, we’ll discuss how developers can secure their code. I talked …

Table of Contents The developer’s dilemmaThe current state of Log4shellMore than 20% of companies are still vulnerable to Log4shell.Spring4Shell in the wildWakeup call to all who maintain applications This article was originally published at Snyk.io As developers, we’re constantly juggling …

In the last several years, the OpenJDK community has made Java significantly safer for users and developers while at the same time making it easier to design, build, and run applications quickly.

Java users should incorporate several practices to take full benefit from the defenses of the modern JRE.