Did AI Just Break Software Security For Ever?
Table of Contents: First: The rate of CVE arrivals · Second: AI detection of vulnerabilities becoming the norm · Third: The breaking of an old asymmetry · Fourth: Regulators got impatient · The maths no longer works · Think about Y2K · The response doesn't wait for the disaster · The asymmetry that should ...
-
Spring Boot Migration and the CRA: When Good Enough Isn’t
Table of Contents: If You’re Already on 4.0 · The zombie problem followed you · If You’re Still on 3.5 · The technical risk is growing. The legal risk is about to change. · What “Without Undue Delay” Actually Means Now · Article 14 and the 24-hour clock · The calculation changes …
-
Tiberius: A Security Testing Framework for LLM Applications in Java
Table of Contents: 1. The Problem · 2. What Tiberius Does · 2.1 Fixture-Based Regression Testing · 2.2 Guardrail Validation Against Real Attack Data · 2.3 Probabilistic Security Contracts · 2.4 Bias Testing · 2.5 Model Fingerprinting · 3. Attack Coverage · 3.1 Buff Mutations · 4. Integration · 5. The Case for Shared Attack Datasets · 6. Security Testing as a …
-
Introducing bx-jwt: Enterprise-Grade JSON Web Tokens for BoxLang
Table of Contents: The Fluent Builder — jwtNew() · The BIF Functions · HMAC Sign and Verify · RSA Sign and Verify · JWE Encryption · alg:none Rejection · HMAC Minimum Key Lengths (RFC 7518 §3.2) · Algorithm Allowlist · Clock Skew Tolerance · Authentication Middleware · Token Refresh with Grace Period · Kid-Based Key Rotation · Signing (JWS) · Encryption (JWE)
JWT authentication is everywhere. …
-
BoxLang v1.13.0: Compatibility, Concurrency, and Formatter Maturity
Table of Contents: New Features · Character-Aware Trimming — trim(), ltrim(), rtrim() · getClassMetadata() by Absolute Path · SystemExecute() Environment Controls · The BoxLang Formatter Goes Production-Ready · Async & Concurrency Hardening · MiniServer: Security & Reliability · Compatibility Wins · Changelog Highlights
BoxLang 1.13.0 is a stability-first release with deep compatibility work and runtime hardening. …
-
Don’t Panic: The Thymeleaf Template Injection That Only Hurts If You Let It (CVE-2026-40478)
Table of Contents: What the sandbox protects against · Abusing the templating engine · How the tab character breaks the Thymeleaf sandbox · What you need to do · The CVSS score 9.1 is real, but conditional
The Thymeleaf vulnerability with a CVSS score of 9.1 grabs your …
-
Foojay Podcast #95: Is Your Java App Actually Secure, Or Does It Just Look That Way?
Table of Contents: YouTube · Podcast Apps · Guests · Steve Poole · David Welch · Content
Is your Java application actually secure, or does it just look that way? In this episode of the Foojay Podcast, Frank is joined by Steve Poole and David Welch, both from HeroDevs, to …
-
Crossing the River Styx: Spring Boot 3.5 and the Zombie Dependency Problem
Table of Contents: The CVE Blind Spot · The River Styx · The Rules Changed. The Habits Didn’t. · What This Looks Like in Practice · When Dependencies Become Zombies · Spring Boot 3.5: The Next Crossing · We’ve Seen This Film Before · The Window Is Open. For Now. · The Map, Not Just the …
-
Why Java Developers Over-Trust AI Suggestions
Table of Contents: Your Brain Is Working Against You · Where Java Developers Are Most Exposed · Your Toolchain Catches Some of This · Make the Model Show Its Working · The Confidence Tax · Sources
This article is adapted from The Confidence Trap, part of the “2026 Supply Chain …
-
🤖 5 Best Practices for Working with AI Agents, Subagents, Skills and MCP
Table of Contents: §0 📖 Where This Fits in the Series · §1 🏗️ The Naive Architecture — and Why It Breaks · §2 ✅ The Better Architecture — Multi-Agent with MCP · §3 📉 Before You Build: The Productivity Reality Check · §3b 📐 Requirements First — …
-
DPoP: What It Is, How It Works, and Why Bearer Tokens Aren’t Enough
Table of Contents: What is DPoP? · The Problem: Bearer Tokens and the “Finders Keepers” Risk · How Does DPoP Work? · Configuring DPoP in Keycloak · DPoP in Action with Quarkus · Project Setup · Protected Endpoints · Replay Protection with a jti Filter · Testing with k6 · Conclusion
DPoP is one of the most exciting …