Security | Threat Detection | Cyberattacks | DevSecOps | Compliance


code intelligence

5 Tips for Functional Testing in Java

Functional testing is a critical aspect of application development, and it plays an essential role in products being built within the Java ecosystem to ensure they meet their functional requirements and work as intended for the end user. As this method of testing is heavily based on validating “functionality” (i.e., “Does this application work the way we intend it to work?”), it is essential to utilize it throughout the development process.


Preventing Cross-Site Scripting (XSS) in Java applications with Snyk Code

Java is a powerful backend programming language that can also be used to write HTML pages for web applications. However, developers must know the potential security risks associated with Cross-Site Scripting (XSS) attacks when creating these pages. With the rise of modern templating frameworks, preventing security attacks through proper input validation and encoding techniques has become easier.

code intelligence

New Vulnerability in MySQL JDBC Driver: RCE and Unauthorized DB Access

We have found a new vulnerability in MySQL Connector/J (CVE-2023-21971). Oracle issued a critical path update that fixed the issue on April 18, 2023. The vulnerability was found as part of our collaboration with Google’s OSS-Fuzz

code intelligence

Level Up Your Unit Tests: How to Turn a JUnit Test into a Fuzz Test

Unit tests are indispensable to check and prove that our code functions properly. But in unit testing, we only test the scenarios that we are aware of. However, there are scenarios unknown to us that lead to security vulnerabilities or performance problems. To address these scenarios, you can add fuzz tests in order to effectively find security, reliability, and even logic bugs in your code.

code intelligence

Expression DoS Vulnerability Found in Spring - CVE-2023-20861

As part of our efforts to improve the security of open-source software, we continuously test open-source projects with our JVM fuzzing engine Jazzer in Google’s OSS-Fuzz. One of our tests yielded a Denial of Service vulnerability in the Spring Framework (CVE-2023-20861). Spring is one of the most widely used frameworks for developing web applications in Java. As a result, vulnerabilities have an amplified impact on all applications that rely on the vulnerable version.


Must To Know Secure Java Development Practices

Java is a top-notch software development technology, that gets highly used for curating desktop, mobile, and web-based applications. According to enlyft, 455,000+ companies are using applications based on java. But, with the introduction of newer technologies, hackers have become more competent in breaching and java apps are one of their primary targets. And the main reason behind it is the occurrence of loopholes in it, including the Spring4Shell/Springshell vulnerability.

code intelligence

11 Tips for Unit Testing in Java

Unit testing is an important part of software development and is considered a crucial step in ensuring the quality and accuracy of the code. It helps in identifying bugs and issues early on in the development cycle, which ultimately results in delivering high-quality software. Java is renowned for being one of the most versatile languages in programming, and it offers a wide selection of unit testing frameworks and tools.


Mitigating path traversal vulns in Java with Snyk Code

Path traversal is a type of security vulnerability that can occur when a web application or service allows an attacker to access server files or directories that are outside the intended directory structure. This can lead to the unauthorized reading or modification of sensitive data.