Java

Message Authentication Code (MAC) Using Java

Feb 23, 2021 By Mansi Sheth In Veracode

This is the seventh entry in this blog series on using Java Cryptography securely. Starting from the basics we began diving deeper into various basic cryptographic primitives such as Cryptographically Secure Random Number Generator, symmetric & asymmetric encryption/decryption & hashes. After taking a brief interval, we caught-up with cryptographic updates in the latest Java version. Skip to the TL; DR

Read Post

Veracode

Read more about Message Authentication Code (MAC) Using Java

10 best practices to build a Java container with Docker

Feb 18, 2021 By Brian Vermeer In Snyk

So, you want to build a Java application and run it inside a Docker image? Wouldn’t it be awesome if you knew what best practices to follow when building a Java container with Docker? Let me help you out with this one! In the following cheatsheet, I will provide you with best practices to build a production-grade Java container. In the Java container example, I build using these guidelines, I will focus on creating an optimized secure Java container for your application.

Read Post

Snyk

Read more about 10 best practices to build a Java container with Docker

Best Practices for Writing Secure Java Code

Feb 9, 2021 By Ian Jenkinson In Coralogix

Every Java developer should follow coding standards and best practices to develop secure Java code. It is critical your code is not vulnerable to exploits or malicious attacks. In recent times, even big organizations like eBay, the CIA, and the IRS have fallen victim to vulnerabilities in their applications that have been discovered and exploited by attackers. The following guidelines provide a solid foundation for writing secure Java code and applications.

Read Post

Coralogix

Read more about Best Practices for Writing Secure Java Code

Identify, prioritize, and fix vulnerabilities with Reachable Vulnerabilities for GitHub

Jan 28, 2021 By Brian Vermeer In Snyk

Imagine you are a Java programmer and that you just decided you want to use Snyk Open Source scanning to help you find security problems in your third party libraries. Good call! However, after connecting your repository to the Snyk Open Source scanner, you find out that you have ten or maybe even 50 vulnerabilities in the packages you depend on. The major question is: where do I start?

Read Post

Snyk

Read more about Identify, prioritize, and fix vulnerabilities with Reachable Vulnerabilities for GitHub

Java XML Security: How to prevent External Entity (XXE) Injection attacks

Jan 12, 2021 By Snyk In Snyk

Is Java XML parsing safe? What is an XML External Entity Vulnerability in Java? How do XXE attacks work in Java? How to do Java XML External Entity Prevention? Make sure to subscribe so you don't miss new content!

View Video

Snyk

Read more about Java XML Security: How to prevent External Entity (XXE) Injection attacks

Java Crypto Catchup

Nov 16, 2020 By Mansi Sheth In Veracode

In 2017, we started a blog series talking about how to securely implement a crypto-system in java. How to Get Started Using Java Cryptography Securely touches upon the basics of Java crypto, followed by posts around various crypto primitives Cryptographically Secure Pseudo-Random Number Generator (CSPRNG), Encryption/Decryption, and Message Digests. We also released a Java Crypto Module for easier dockerization of injectable modules exposing Crypto services via an API.

Read Post