We invited Java security experts to dive into the fascinating world of secure coding and detecting vulnerabilities in your Java applications!
-
Learning by Auditing Kubernetes Manifests
Find out about Checkov, which scans cloud infrastructure configurations to find misconfigurations before they’re deployed.
-
How to do password hashing in Java applications the right way!
There are multiple ways to store sensitive passwords. And while having choices can be great, in the context of password storage, picking wrong can be a security nightmare. With that in mind, let’s hash out some of your options 🥁🥁. In this article …
-
Quick Fire Java: Java After Log4j
Watch a 10 minute discussion on Log4j, security processes and prioritization, and how Payara dealt with the vulnerability.
-
Security Warning: Your Java Attack Surface Just Got Bigger
Learn about common threats, vulnerabilities, and misconfigurations, including the recently disclosed issues in Log4j.
-
Detecting, Investigating and Verifying Fixes for Security Incidents and Zero Day Issues Using Lightrun
Learn about major milestones in app security: finding the issue, evaluating a breach, proving it, and validating the fix!
-
You’re Running Untrusted Code!
I’m afraid the deprecation of the Security Manager just added several lines to that risk, all linked to running untrusted code.
-
PSA: The Risks of Remote JDWP Debugging
Java Debug Wire Protocol (a.k.a. JDWP) was designed for testing internally. Opening it to production is a HUGE security and stability risk…
-
CVSS 101: First Steps with Common Vulnerability Scoring System
What is the Common Vulnerability Scoring System (CVSS), who is behind it, what are we doing with it, and what does a CVSS Value mean for you?
CVSS gives us a scoring system for rating security gaps in software. Because there is no real alternative, because it has been in use worldwide for more than ten years, and because it is continuously developed, it has become a de facto standard.
The evaluation consists of three components: the Base, Temporal and Environmental metric groups.
-
The Lifecycle of a Security Vulnerability
Again and again, we read in the IT news about new security gaps that have been identified.
Most of the time you hear or read nothing at all about the security holes that never become as well known as the SolarWinds hack, for example.
But what is the typical lifecycle of such a security gap?
-
Namespace Shadowing (a.k.a. “Dependency Confusion”) Attack
The npm Registry is vulnerable to supply chain namespace shadowing, also known as “Dependency Confusion” attacks.
Make sure you publish your internal packages as npm scoped packages and enforce exclude patterns so that your private package names are never resolved from the public registry.