Table of Contents Understanding LLM guardrailsHow guardrails workEasily implementing guardrails with QuarkusInput guardrailsOutput guardrailsSanitizing LLM input and output Integrating Large Language Models (LLMs) into our applications is becoming increasingly popular. These models are extremely useful for creating content, searching documentation, …
-
Sonar Connect Amsterdam 2025
Table of Contents Code quality + Code security for Open Source & AI code Code quality + Code security for Open Source & AI code In the age of AI, ensuring code quality and code security is more critical than …
-
What is RAG, and How to Secure It
Table of Contents Why use RAGHow RAG Works1. Retrieval2. GenerationSecurity implications of using RAGPrompt injection through retrieved contentData poisoningAccess control gaps in retrievalLeaking PII to third-party modelsCaching risks and session bleedContradictory or low-quality informationProactive and remediation strategies for securing RAGSanitize …
-
Securing Vaadin Applications with Microsoft Entra
Table of Contents Step 1: Create an Application in EntraCreate App RoleAssign UsersCreate Client SecretStep 2: Configure OAuth2 with Entra in our ApplicationAdd DependenciesConfigure the ApplicationEnable Entra SecurityConfigure Role PrefixRoles in ActionStep 3: Setup Karibu TestingSummary Many companies use Microsoft …
-
Pseudorandom Number Generator – The Secret Behind Santa’s Gift Bag
Table of Contents Random Numbers and Why They MatterRandom Number GeneratorsPseudorandom Number Generators in JavaConclusion On a snowy Christmas Eve, Santa sets off on his journey around the world, gliding through the night sky on his sleigh to deliver presents …
-
Foojay Podcast #63: How do we keep our Java applications up to date and secure?
Table of Contents Last month, I published a Foojay article about the risks in systems that are stuck on old or outdated Java versions and got a lot of feedback from developers. Most of them want to move on but …
-
Prevent LDAP injection in Java with SpringBoot
In this article, we dive into the basics of LDAP (Lightweight Directory Access Protocol)—a powerful protocol used to manage directory information like user authentication, authorization, and centralized account management in IT systems. 🌐👨💻
We also explore LDAP Injection, a common security vulnerability 🛡️ where attackers manipulate LDAP queries to:
⚠️ Bypass authentication
⚠️ Access unauthorized data
⚠️ Modify directory entriesLearn how these attacks work, the risks they pose, and, most importantly, how to protect your systems with secure coding practices like input sanitization and parameterized queries. ✅💻
Whether you’re an IT professional, developer, or just curious about cybersecurity, this article is your crash course on LDAP and LDAP Injection! 🚀✨
-
Foojay Podcast #58: How Java Developers Can Secure Their Code
Table of Contents VideoPodcast (audio only)GuestsJonathan VilaBrian VermeerErik CostlowContent Three years after Log4Shell caused a significant security issue, we still struggle with insecure dependencies and injection problems. In this podcast, we’ll discuss how developers can secure their code. I talked …
-
Unsafe is Finally Going Away: Embracing Safer Memory Access with JEP 471
Java’s sun.misc.Unsafe is being phased out. Learn safer memory access using VarHandle and Foreign Function & Memory API to keep your applications secure and up-to-date.
-
Foojay Podcast #50: JCON Report, Part 2 – Maven, Software Security, Code Quality
This is part 2 of the interviews we recorded at the JCON conference earlier this month in Germany. In this episode, you get two main topics: Maven and Code Quality.
-
Foojay Podcast #36: J-Fall Report, Part 3
In this part, hear about Maven, contributing to Open Source projects, JOOQ, Desktop Applications, Thymeleaf, htmx, and Security.
