Security

Community manager Brian Vermeer

Java Champion, Developer Advocate and Software Engineer at Snyk. Passionate about Java, (pure) functional programming and cybersecurity. Co-leads the Virtual JUG, NLJUG and DevSecCon communities. Brian is also an Oracle Groundbreaker Ambassador and a regular international speaker, mostly at Java-related conferences.

  • How to Protect Your Database in a Distributed World with IP Access List

    Astra DB’s IP Access List addresses this by letting users configure which IP addresses and CIDR blocks may reach Astra DB-hosted resources, including the REST, GraphQL and Swagger endpoints and CQLsh.

    This lets enterprises restrict access to selected office and home networks.

    Read more
  • SolarWinds Hack And The Executive Order Of Cybersecurity: What Does This Mean For Us?

    In the past two years we have had to learn a lot about cybersecurity. New attack vectors are becoming ever more sophisticated and are increasingly aimed at the software supply chain as a whole.

    But what does that mean for us? What can be done about it, and how have governments already responded?

    Read more
  • Why You Should Upgrade to Maven Version 3.8.1 Today or Very Soon

    If you are working in the Java ecosystem and building your applications with an older Maven version, this message is for you.

    Check your Maven version by typing mvn -version. If you are still running an old version such as 3.6.3 or below, you should upgrade to 3.8.1 for security reasons: 3.8.1 is the release that stops Maven from downloading dependencies from plain-HTTP repositories by default.

    Be aware that Maven 3.8.1 requires Java 7 or later.

    Read more
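The check described above, as an added example that is not code from the foojay page or from the Maven article: it reads the version out of `mvn -version` output and compares it against the 3.8.1 minimum. It also goes one step beyond the article by reading the version a project's Maven Wrapper pins in `.mvn/wrapper/maven-wrapper.properties`, because CI typically builds with the wrapper rather than with whatever `mvn` is on the PATH. The sample outputs are constructed, not captured from a real machine.

```python
# Added example (not from the foojay page or the Maven article): gate a build on
# the Maven 3.8.1 minimum, from `mvn -version` output and from the Maven Wrapper.
import re
import shutil
import subprocess
from typing import Optional, Tuple

Version = Tuple[int, int, int]
MINIMUM: Version = (3, 8, 1)

# First line of `mvn -version`: "Apache Maven 3.6.3 (<build id>)".
_MVN_OUTPUT_RE = re.compile(r"^Apache Maven (\d+)\.(\d+)(?:\.(\d+))?", re.MULTILINE)
# maven-wrapper.properties pins the distribution by URL, e.g.
# distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.6.3/apache-maven-3.6.3-bin.zip
_WRAPPER_RE = re.compile(
    r"^\s*distributionUrl\s*=.*?/apache-maven-(\d+)\.(\d+)(?:\.(\d+))?", re.MULTILINE
)


def _to_version(match) -> Version:
    return (int(match.group(1)), int(match.group(2)), int(match.group(3) or 0))


def parse_mvn_version(output: str) -> Optional[Version]:
    """Version from `mvn -version` output, or None if this is not Maven output."""
    m = _MVN_OUTPUT_RE.search(output)
    return _to_version(m) if m else None


def parse_wrapper_version(properties: str) -> Optional[Version]:
    """Version pinned by maven-wrapper.properties, or None without a distributionUrl."""
    m = _WRAPPER_RE.search(properties)
    return _to_version(m) if m else None


def needs_upgrade(version: Version, minimum: Version = MINIMUM) -> bool:
    """True when version is older than minimum. Tuples compare numerically, so 3.10 > 3.8."""
    return version < minimum


def installed_maven_version() -> Optional[Version]:
    """Ask the `mvn` on PATH; None when it is missing or does not answer as expected."""
    if shutil.which("mvn") is None:
        return None
    proc = subprocess.run(["mvn", "-version"], capture_output=True, text=True, check=False)
    return parse_mvn_version(proc.stdout)


def verdict(label: str, version: Optional[Version]) -> str:
    """One-line verdict; an unknown version is reported, not silently treated as fine."""
    if version is None:
        return "%s: version unknown, cannot vouch for it" % label
    dotted = ".".join(map(str, version))
    if needs_upgrade(version):
        return "%s: %s is below %s, upgrade" % (label, dotted, ".".join(map(str, MINIMUM)))
    return "%s: %s is at or above the minimum" % (label, dotted)


# Constructed samples (not captured from a real machine) for the self-check below.
SAMPLE_MVN_OUTPUT = (
    "Apache Maven 3.6.3 (build id omitted)\n"
    "Maven home: /usr/share/maven\n"
    "Java version: 11.0.11, vendor: Ubuntu\n"
)
SAMPLE_WRAPPER_PROPERTIES = (
    "# constructed .mvn/wrapper/maven-wrapper.properties\n"
    "distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/"
    "apache-maven/3.6.3/apache-maven-3.6.3-bin.zip\n"
)

if __name__ == "__main__":
    print(verdict("sample mvn -version", parse_mvn_version(SAMPLE_MVN_OUTPUT)))
    print(verdict("sample wrapper", parse_wrapper_version(SAMPLE_WRAPPER_PROPERTIES)))
    print(verdict("installed mvn", installed_maven_version()))
```

Run it in a project directory and feed the wrapper properties file to `parse_wrapper_version` as well; a passing `mvn` on the PATH says nothing about the version the wrapper will download in CI.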
  • SAST, DAST, IAST and RASP

    In this article, we look at the differences between these application security testing and protection techniques.

    My personal opinion on these different approaches is that if you start with DevSecOps or security in IT in general, the SAST approach makes the most sense. This is where the greatest potential threat can be eliminated with minimal effort.

    There are four main groups, which we go through one after another to show their advantages and disadvantages.

    Read more

    Are Java Security Updates Important?

    Recently, I was in discussion with a Java user at a bank about the possibilities of using Azul Platform Core to run a range of applications.

    Security is a very serious concern when sensitive data is in use, and potentially huge sums of money could be stolen.

    I was, therefore, somewhat taken aback when the user said, “We’re not worried about installing Java updates as our core banking services are behind a firewall.”

    Read more
  • Getting Started with Snyk for Secure Java Development

    If you’re a Java developer who wants to develop your applications more securely, you’ve come to the right place. Snyk can help you with that mission.

    This article explains how to begin with Snyk for secure Java development so you can be more secure from the get-go.

    Read more
  • CVSS 101: First Steps with Common Vulnerability Scoring System

    What is the Common Vulnerability Scoring System (CVSS), who is behind it, what is it used for, and what does a CVSS value mean for you?

    CVSS gives us a numeric system for rating security vulnerabilities in software. It has no real alternative, has been in use worldwide for over ten years and is continually developed, which makes it the de facto standard.

    The evaluation consists of three components: the Base, Temporal and Environmental metric groups.

    Read more
  • The Lifecycle of a Security Vulnerability

    Again and again we read in the IT news about newly identified security vulnerabilities.

    Most of the time you hear nothing at all about the many vulnerabilities that are not as well known as, say, the SolarWinds hack.

    But what is the typical lifecycle of such a vulnerability?

    Read more

    Java Encryption and Hashing

    If you need to store sensitive data in your system, you have to be sure that you have proper encryption in place.

    First of all, you need to decide what kind of encryption you need, for instance symmetric or asymmetric.

    You also need to choose how strong it needs to be: stronger encryption takes more time and consumes more CPU.

    The most important point is that you should not implement the encryption algorithms yourself. Encryption is hard, and a trusted library solves it for you.

    Read more
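As an added example of the same advice applied to the hashing half of the topic (this is not code from the foojay page or from the Java article): password hashing with a salted, iterated KDF from a trusted library, a constant-time verify, and a measurement of how the work factor turns into CPU time. It uses Python's standard library so it runs here; the JDK equivalent is `SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")` with a `PBEKeySpec`. The iteration count, storage format and test password are this example's own choices.

```python
# Added example (not from the foojay page or the Java article): salted PBKDF2
# password hashing from a trusted library, with constant-time verification.
import base64
import hashlib
import hmac
import os
import time
from typing import Optional

ALGORITHM = "pbkdf2_sha256"
DEFAULT_ITERATIONS = 600_000   # OWASP's current recommendation for PBKDF2-HMAC-SHA256


def hash_password(password: str, iterations: int = DEFAULT_ITERATIONS,
                  salt: Optional[bytes] = None) -> str:
    """Return 'pbkdf2_sha256$<iterations>$<salt b64>$<hash b64>' with a fresh 16-byte salt.
    The salt parameter exists only so the self-check below can be deterministic."""
    if iterations < 1:
        raise ValueError("iterations must be positive")
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=32)
    return "$".join([ALGORITHM, str(iterations),
                     base64.b64encode(salt).decode("ascii"),
                     base64.b64encode(digest).decode("ascii")])


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time.
    Any malformed record verifies as False rather than raising."""
    try:
        algorithm, iterations_text, salt_b64, digest_b64 = stored.split("$")
        if algorithm != ALGORITHM:
            return False
        iterations = int(iterations_text)
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(digest_b64, validate=True)
        if iterations < 1 or not expected:
            return False
    except (ValueError, TypeError):
        return False
    actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations,
                                 dklen=len(expected))
    # hmac.compare_digest does not short-circuit on the first differing byte.
    return hmac.compare_digest(actual, expected)


def seconds_per_hash(iterations: int) -> float:
    """Wall-clock cost of one hash at this work factor: the knob you tune against your CPU budget."""
    start = time.perf_counter()
    hash_password("benchmark-only", iterations=iterations)
    return time.perf_counter() - start


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print("right password:", verify_password("correct horse battery staple", record))
    print("wrong password:", verify_password("correct horse battery stapler", record))
    for n in (10_000, 100_000, DEFAULT_ITERATIONS):
        print("%7d iterations: %.3f s" % (n, seconds_per_hash(n)))
```

The stored record carries its own iteration count, so the work factor can be raised for new passwords without invalidating existing ones, and `seconds_per_hash` is how you find the largest count your login path can afford. Note the asymmetry with the article's encryption advice: a password hash is deliberately slow, whereas bulk encryption should be fast, so the two are tuned in opposite directions even though both come from the same library.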
  • JEP 411: What it Means for Java’s Security Model and Why You Should Apply the Principle of Least Privilege

    Java, like most platforms and languages, has layers of security. This article looks at Java’s authorization layer, which is unlike that of other languages.

    We also distinguish between two different ways this layer is typically used, and why one is effective while the other is not.

    Furthermore, we investigate why JEP 411 considers only the least effective of the two. We hope to raise awareness of the principle of least privilege as it is applied to Java authorization, improve its adoption, and encourage people to take advantage of the improved security it provides.

    We hope to prolong its support and possibly even improve it in the future.

    Read more

    Java: Where the Wild Code Isn’t

    In the last several years, the OpenJDK community has made Java significantly safer for users and developers while also making it easier to design, build and run applications quickly.

    Java users should adopt several practices to take full advantage of the defenses of a modern JRE.

    Read more

Subscribe to foojay updates:

https://foojay.io/feed/