Containers bring new flexibility and agility to software development and deployment. However, they also introduce a new attack surface that malicious actors can exploit. A compromised container can give an attacker access to other containers and even the host system. Smaller images that contain fewer artifacts are already a great help in achieving a smaller attack surface.

URL encoding is a method that ensures your URL only contains valid characters so that the receiving server can correctly interpret it. According to the RFC 3986 standard, URIs (which are a superset of URLs) only contain a limited set of characters consisting of digits, letters, and a few graphic symbols, all within the ASCII character set. If a URL contains characters outside this limited set, the characters must be percent-encoded.

As traditional phishing attack attachment types like Office documents dwindle in use, threat actors look for new effective ways to use email as a delivery medium to launch an attack. We’ve seen email attachments being used in cyberattacks for decades now, so it shouldn’t come as a surprise to anyone working in an office that a strange attachment type may be malicious. And yet, this trend continues, despite threat actors changing which types of attachments to use.

The Java Development Kit (JDK) library's java.security package is one of the most important packages, yet despite consistent updates, it remains vastly underutilized. In light of the increased emphasis on cybersecurity frameworks, including zero trust, it's imperative for Java developers to become familiar with Java SE's security libraries. As with any other field in information technology, cybersecurity has a capricious nature. After all, it has to keep up with the latest trends in cybercrime.

Functional testing is a critical aspect of application development, and it plays an essential role in products being built within the Java ecosystem to ensure they meet their functional requirements and work as intended for the end user. As this method of testing is heavily based on validating “functionality” (i.e., “Does this application work the way we intend it to work?”), it is essential to utilize it throughout the development process.

Java is a powerful backend programming language that can also be used to write HTML pages for web applications. However, developers must know the potential security risks associated with Cross-Site Scripting (XSS) attacks when creating these pages. With the rise of modern templating frameworks, preventing security attacks through proper input validation and encoding techniques has become easier.

We have found a new vulnerability in MySQL Connector/J (CVE-2023-21971). Oracle issued a critical path update that fixed the issue on April 18, 2023. The vulnerability was found as part of our collaboration with Google’s OSS-Fuzz.

Unit tests are indispensable to check and prove that our code functions properly. But in unit testing, we only test the scenarios that we are aware of. However, there are scenarios unknown to us that lead to security vulnerabilities or performance problems. To address these scenarios, you can add fuzz tests in order to effectively find security, reliability, and even logic bugs in your code.

Java is widely used for developing web applications and relies heavily on APIs (Application Programming Interfaces). Therefore, API testing is a critical practice, as it ensures seamless functionality, compatibility, security, and performance while facilitating integration and simplifying debugging.