Do you want your ad here?

Contact us to get your ad seen by thousands of users every day!

[email protected]

Foojay Podcast #58: How Java Developers Can Secure Their Code

  • September 30, 2024
  • 5910 Unique Views
  • < 1 min read
Table of Contents
VideoPodcast AppsGuestsContent

Three years after Log4Shell caused a significant security issue, we still struggle with insecure dependencies and injection problems.

In this podcast, we'll discuss how developers can secure their code.

I talked with three authors who posted a security and code quality post on Foojay.io.

Video

Podcast Apps

You can listen and subscribe to the Foojay Podcast on:

Guests

Jonathan Vila

Brian Vermeer

Erik Costlow

Content

00:00 Introduction of topic and guests

01:35 Brian: Why is Log4Shell still around?
https://foojay.io/today/the-persistent-threat-why-major-vulnerabilities-like-log4shell-and-spring4shell-remain-significant/
03:24 Outdated dependencies are still used a lot
04:31 Who is responsible for dependency updates?
07:55 Snyk tools to help discover issues
10:15 Comparing to Dependabot
11:21 How to keep dependencies up-to-date
14:32 Responsibility to use dependencies with care
17:17 Looking forward to the JFall conference
18:48 About Foojay

19:49 Jonathan: Is SQL injection still a problem?
https://foojay.io/today/top-security-flaws-hiding-in-your-code-right-now-and-how-to-fix-them/
24:50 Deserialization injection
27:30 Logging injection
31:22 Even experienced developers make mistakes
33:17 About Sonar tools
35:53 Other articles by Jonathan
https://foojay.io/today/author/jonathan-vila/
https://foojay.io/today/ensuring-the-right-usage-of-java-21-new-features/
38:20 Other security tools
https://www.youtube.com/watch?v=-wVCYj8oQUY

39:47 Erik: Trash Pandas are attracted by unused code
https://foojay.io/today/trash-pandas-love-enterprise-java-garbage-code/
43:01 How bad are insecure but unused libraries?
45:16 Problem of code only used by unit tests
47:15 Testing in different layers (develop, test, production)
49:31 How much code is not used in production?
50:31 How code becomes unused
https://foojay.io/today/foojay-podcast-57/

54:29 Conclusions

Avatar photo

Brian Vermeer

Author

Java Champions & Developer Advocate and Software Engineer for Snyk. Passionate about Java, (Pure) Functional Programming, and Cybersecurity. Co-leading the Virtual JUG, NLJUG and DevSecCon community. Brian is also an Oracle Groundbreaker Ambassador and regular international speaker on mostly Java-related conferences.

Avatar photo

Erik Costlow

Author

Erik Costlow was Oracle’s principal product manager for Java 8 and 9, focused on security and performance. His security expertise involves threat modeling, code analysis, and instrumentation of security sensors. He is working to broaden this approach to security with Contrast Security. Before becoming involved in technology, Erik was a circus performer who juggled fire on a three-wheel vertical unicycle.

Avatar photo

Frank Delporte

Author

Frank Delporte is a Java Champion, Java Developer, Technical Writer at Azul, Blogger, Author of "Getting started with Java on Raspberry Pi", and Pi4J Contributor. Frank blogs about his experiments with Java and JavaFX, sometimes combined with electronic components, on the Raspberry Pi.

Jonathan Vila

Author

Jonathan is a developer advocate at Sonar. He is a Java Champion and co-founder of the conferences in Spain JBCNConf and DevBcn and organizer of the Barcelona JUG. He has also been a speaker at several conferences including DevNexus, Oracle CodeOne, DevoxxUK, JNation, DevConf.IN, DevConf.US, and JFokus.

Authors (4)

Avatar photo

Brian Vermeer
Avatar photo

Erik Costlow
Avatar photo

Frank Delporte

Jonathan Vila

Thanks to our Sponsors!

Azul logo
Azul
Platinum Sponsor
Redis logo
Redis
Gold Sponsor
CodeRabbit logo
CodeRabbit
Gold Sponsor
Reo logo
Reo
Silver Sponsor
Zencoder logo
Zencoder
Silver Sponsor
Payara logo
Payara
Silver Sponsor
Digma logo
Digma
Bronze Sponsor
adesso logo
adesso
Bronze Sponsor

Trending

Week Month All

Preparing for Spring Framework 7 and Spring Boot 4

The Art of Performance Tuning: Why Saving 30% in the Cloud Means Nothing if Your Code Wastes 1000× More

Foojay Podcast #83: OpenJDK Evolutions plus Tips and Tricks

Service Layer Pattern in Java With Spring Boot

BoxLang Redis Has Landed: Enterprise-Grade Caching, Pub/Sub, and Distributed Locking

Micrometer & Prometheus in Spring Boot: Kafka Burger Orders🍔📨

Understanding MCP Through Raw STDIO Communication

Spring Framework 7.0 and Spring Data 2025.1.0 Embrace Jakarta EE 11 Compatibility

Navigating the Nuances of GraphRAG vs. RAG

JC-AI Newsletter #10

JC-AI Newsletter #9

JC-AI Newsletter: Easy Access to Expanding Challenges

Preparing for Spring Framework 7 and Spring Boot 4

JC-AI Newsletter #8

Understanding MCP Through Raw STDIO Communication

Explore Spring Framework 7 Features—API Versioning

Your New AI-Powered Coding Buddy: A Guide to SonarQube MCP Server on IntelliJ 🤖

Elastic JVM: Configuring G1 GC for Automatic Vertical Memory Scaling

Rate limiting with Redis: An essential guide

Foojay Podcast #81: Maven 4 – The Future of Java Build Automation

Indexing all of Wikipedia, on a laptop

Working with Multiple Carets in IntelliJ IDEA

Clean Shutdown of Spring Boot Applications

Java 17 on the Raspberry Pi

Project Panama for Newbies (Part 1)

How to Create Mobile Apps with JavaFX (Part 1)

Beginning JavaFX Applications with IntelliJ IDE

Foojay Slack: bit.ly/join-foojay-slack

SpringBoot 3.2 + CRaC

Creating Scalable OpenAI GPT Applications in Java

Foojay Podcast #57: Welcome to OpenJDK (Java) 23

Table of Contents VideoPodcast AppsGuests Simon Ritter Artur Skowroński Content OpenJDK (Java) 23 is (almost) here! OpenJDK 23 introduces three new features to the language and runtime and many bug fixes, small improvements, and a longer list of preview features. …

Sep 16 6,5K
Frank Delporte
+1
Simon Ritter
Simon Ritter
Podcast
3
Java Core JDK 23 Java
The Persistent Threat: Why Major Vulnerabilities Like Log4Shell and Spring4Shell Remain Significant

Table of Contents The developer’s dilemmaThe current state of Log4shell More than 20% of companies are still vulnerable to Log4shell. Spring4Shell in the wildWakeup call to all who maintain applications This article was originally published at Snyk.io As developers, we’re …

Sep 17 5,7K
Brian Vermeer
Security
1
Snyk
Top Security Flaws Hiding In Your Code Right Now: And How To Fix Them

Let’s examine the three most common injection attack types—SQL injection, Deserialization Injection, and Logging Injection—and discuss ways to prevent them.

Sep 05 6,5K
Jonathan Vila
Security
2
Java Core Java
Trash Pandas Love Enterprise Java Garbage Code

If raccoons were software engineers, they would feel at home inside many enterprise systems. These systems are often full of unused and dead code.

Aug 13 5,0K
Erik Costlow
Security
2
Java Core Debugging

Do you want your ad here?

Contact us to get your ad seen by thousands of users every day!

[email protected]

Related Articles

The Persistent Threat: Why Major Vulnerabilities Like Log4Shell and Spring4Shell Remain Significant

Table of Contents The developer’s dilemmaThe current state of Log4shell More than 20% of companies are still vulnerable to Log4shell. Spring4Shell in the wildWakeup call to all who maintain applications This article was originally published at Snyk.io As developers, we’re …

Sep 17 5,7K
Brian Vermeer
Security
1
Snyk
Top Security Flaws Hiding In Your Code Right Now: And How To Fix Them

Let’s examine the three most common injection attack types—SQL injection, Deserialization Injection, and Logging Injection—and discuss ways to prevent them.

Sep 05 6,5K
Jonathan Vila
Security
2
Java Core Java
Trash Pandas Love Enterprise Java Garbage Code

If raccoons were software engineers, they would feel at home inside many enterprise systems. These systems are often full of unused and dead code.

Aug 13 5,0K
Erik Costlow
Security
2
Java Core Debugging
LDAP injection #java #springboot
Prevent LDAP injection in Java with SpringBoot

In this article, we dive into the basics of LDAP (Lightweight Directory Access Protocol)—a powerful protocol used to manage directory information like user authentication, authorization, and centralized account management in IT systems. 🌐👨‍💻

We also explore LDAP Injection, a common security vulnerability 🛡️ where attackers manipulate LDAP queries to:
⚠️ Bypass authentication
⚠️ Access unauthorized data
⚠️ Modify directory entries

Learn how these attacks work, the risks they pose, and, most importantly, how to protect your systems with secure coding practices like input sanitization and parameterized queries. ✅💻

Whether you’re an IT professional, developer, or just curious about cybersecurity, this article is your crash course on LDAP and LDAP Injection! 🚀✨

Dec 04 4,6K
Vincent Vauban
Java
4
Videos Spring Security DevOps

Comments (0)

Highlight your code snippets using [code lang="language name"] shortcode. Just insert your code between opening and closing tag: [code lang="java"] code [/code]. Or specify another language.

No comments yet. Be the first.

Set Event Reminder

Subscribe to foojay updates:

https://foojay.io/feed/
Copied to the clipboard