Foojay Podcast #7: Security in Java, what do we need to know and how to keep our applications secure?

November 21, 2022

Unique Views: 5,254

sinceNovember, 2022

Author(s)

Brian Vermeer
Java Champions & Developer Advocate and Software Engineer for Snyk. Passionate about Java, (Pure) Functional Programming, and Cybersecurity. Co-leading the Virtual JUG, NLJUG and DevSecCon community. Brian is also an ... Learn more
Erik Costlow
Erik Costlow was Oracle’s principal product manager for Java 8 and 9, focused on security and performance. His security expertise involves threat modeling, code analysis, and instrumentation of security sensors. ... Learn more
Frank Delporte
Frank Delporte (@frankdelporte) is a Java Champion, Java Developer, Technical Writer at Azul, Blogger, Author of "Getting started with Java on Raspberry Pi", and Pi4J Contributor. Frank blogs about his ... Learn more

For this Foojay Podcast, we invited security experts to dive into the fascinating world of secure coding and detecting vulnerabilities in your Java applications.

How can you make and keep your systems safe?

That's what we want to find out...

Guests

Steve Poole (Sonatype, @spool167)
Brian Vermeer (Snyk, @BrianVerm, @[email protected])
Anastasiia Voitova (Cossack Labs, @vixentael, @[email protected])

Host

Erik Costlow (Azul, @costlow, @[email protected])

Content

00'00 Short intro and music
00'15 Introduction about the topic of this podcast
00'31 Introduction of the guests and host
02'40 Foojay article written by Brain about dependencies
- https://foojay.io/today/best-practices-for-managing-java-dependencies/
05'02 XML parsers in Java
05'55 "The more the merrier" versus "The less the better"
06'30 Foojay article written by Brain about the role of Data Transfer Objects in security
- https://foojay.io/today/how-to-use-java-dtos-to-stay-secure/
09'10 Extending on DTOs: encryption in data provisioning
11'10 Database entities versus DTOs and serialization
12'25 Developers need to be trained more on security and take responsibility
13'50 Don't design your own security solution
- https://www.cossacklabs.com/blog/cryptographic-failures-in-rf-encryption/
16'58 Cryptograpic dad joke... 😉
17'40 What are CVEs (Common Vulnerabilities and Exposures)
20'40 Security in the layers of a Java environment
- https://imagetragick.com/
24'50 JAR signing
26'40 CWE with the W of Weaknesses and OWASP
- https://owasp.org/www-project-top-ten/
- https://www.exploit-db.com/
29'40 How to evaluate vulnerability scores
- https://foojay.io/today/java-security-log4j-the-securitymanager-and-funding/
31'23 CVEs as Pokemon, "You gotta catch them all" workshop
32'20 How to be able to fix vulnerabilities
33'57 About the recent critical SSL vulnerability
36'02 Libraries are linked (integrated) into a Java project
- https://github.com/quarkusio/quarkus/issues/14904
38'15 Security is an educational thing and understand your tools
39'90 Role of the different players in a team
46'32 Can the JVM itself be more secure
49'44 Make the JVM aware of vulnerable code
51'10 Security insights in IoT devices
- https://www.cossacklabs.com/case-studies/iiot-security-a-hive-and-a-queen/
1h01'30 Developers should learn about defending depth
1h02'10 Conclusion

Don’t Forget to Share This Post!

Author Brian Vermeer

Java Champions & Developer Advocate and Software Engineer for Snyk. Passionate about Java, (Pure) Functional Programming, and Cybersecurity. Co-leading the Virtual JUG, NLJUG and DevSecCon community. Brian is also an Oracle Groundbreaker Ambassador and regular international speaker on mostly Java-related conferences.

Author Erik Costlow

Erik Costlow was Oracle’s principal product manager for Java 8 and 9, focused on security and performance. His security expertise involves threat modeling, code analysis, and instrumentation of security sensors. He is working to broaden this approach to security with Contrast Security. Before becoming involved in technology, Erik was a…

Author Frank Delporte

Frank Delporte (@frankdelporte) is a Java Champion, Java Developer, Technical Writer at Azul, Blogger, Author of "Getting started with Java on Raspberry Pi", and Pi4J Contributor. Frank blogs about his experiments with Java, sometimes combined with electronic components, on the Raspberry Pi.

Author(s)

Brian Vermeer
Java Champions & Developer Advocate and Software Engineer for Snyk. Passionate about Java, (Pure) Functional Programming, and Cybersecurity. Co-leading the Virtual JUG, NLJUG and DevSecCon community. Brian is also an ... Learn more
Erik Costlow
Erik Costlow was Oracle’s principal product manager for Java 8 and 9, focused on security and performance. His security expertise involves threat modeling, code analysis, and instrumentation of security sensors. ... Learn more
Frank Delporte
Frank Delporte (@frankdelporte) is a Java Champion, Java Developer, Technical Writer at Azul, Blogger, Author of "Getting started with Java on Raspberry Pi", and Pi4J Contributor. Frank blogs about his ... Learn more

Comments (0)

Cancel reply

Your email address will not be published. Required fields are marked *

Highlight your code snippets using [code lang="language name"] shortcode. Just insert your code between opening and closing tag: [code lang="java"] code [/code]. Or specify another language.

Save my name, email, and website in this browser for the next time I comment.

Foojay Podcast #7: Security in Java, what do we need to know and how to keep our applications secure?

Author(s)

Guests

Content

Related Articles

Author(s)

Comments (0)

Cancel reply

Set Event Reminder

Subscribe to foojay updates: