By taking a proactive approach to XSS prevention and using the right resources and tools, developers can help ensure the security and integrity of their Java web applications.
Making SBOMs, Threats, and Modelling Them a Piece of Cake!
The third article in a series on SBOMs, software supply chains, the government and you, introducing threat modelling and tools to help!
Make Your Security Policy Auditable
Learn how you can leverage OPA and Apache APISIX to move your authentication and authorization logic from the code to the infrastructure.
SBOMs and Software Composition Analysis
Let’s learn all about software composition analysis, how it works and why it is important for developers to get started as soon as possible!
Foojay Podcast #7: Security in Java, what do we need to know and how to keep our applications secure?
We invited Java security experts to dive into the fascinating world of secure coding and detecting vulnerabilities in your Java applications!
Learning by Auditing Kubernetes Manifests
Find out about Checkov, which scans cloud infrastructure configurations to find misconfigurations before they’re deployed.
How to do password hashing in Java applications the right way!
There are multiple ways to store sensitive passwords. And while having choices can be great, in the context of password storage, picking wrong can be a security nightmare. With that in mind, let’s hash out some of your options 🥁🥁. In this article …
Quick Fire Java: Java After Log4j
Watch a 10-minute discussion on Log4j, security processes and prioritization, and how Payara dealt with the vulnerability.
Security Warning: Your Java Attack Surface Just Got Bigger
Learn about common threats, vulnerabilities, and misconfiguration including the recently disclosed issues in Log4j.
Detecting, Investigating and Verifying Fixes for Security Incidents and Zero Day Issues Using Lightrun
Learn about major milestones in app security: finding the issue, evaluating a breach, proving it, and validating the fix!
You’re Running Untrusted Code!
I’m afraid the deprecation of the Security Manager just added several lines to that risk, all linked to running untrusted code.