Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Java

code intelligence

Expression DoS Vulnerability Found in Spring - CVE-2023-20861

Mar 22, 2023 By Dae Glendowne In Code Intelligence
As part of our efforts to improve the security of open-source software, we continuously test open-source projects with our JVM fuzzing engine Jazzer in Google’s OSS-Fuzz. One of our tests yielded a Denial of Service vulnerability in the Spring Framework (CVE-2023-20861). Spring is one of the most widely used frameworks for developing web applications in Java. As a result, vulnerabilities have an amplified impact on all applications that rely on the vulnerable version.
Read Post
signmycode

Must To Know Secure Java Development Practices

Mar 20, 2023 By SignMyCode In SignMyCode

Java is a top-notch software development technology, that gets highly used for curating desktop, mobile, and web-based applications. According to enlyft, 455,000+ companies are using applications based on java. But, with the introduction of newer technologies, hackers have become more competent in breaching and java apps are one of their primary targets. And the main reason behind it is the occurrence of loopholes in it, including the Spring4Shell/Springshell vulnerability.

Read Post
code intelligence

11 Tips for Unit Testing in Java

Mar 14, 2023 By Josh Grant In Code Intelligence
Unit testing is an important part of software development and is considered a crucial step in ensuring the quality and accuracy of the code. It helps in identifying bugs and issues early on in the development cycle, which ultimately results in delivering high-quality software. Java is renowned for being one of the most versatile languages in programming, and it offers a wide selection of unit testing frameworks and tools.
Read Post
Snyk

Mitigating path traversal vulns in Java with Snyk Code

Mar 6, 2023 By Brian Vermeer In Snyk

Path traversal is a type of security vulnerability that can occur when a web application or service allows an attacker to access server files or directories that are outside the intended directory structure. This can lead to the unauthorized reading or modification of sensitive data.

Read Post
veracode

Resolving CVE-2022-1471 with the SnakeYAML 2.0 Release

Mar 3, 2023 By Nova In Veracode

In October of 2022, a critical flaw was found in the SnakeYAML package, which allowed an attacker to benefit from remote code execution by sending malicious YAML content and this content being deserialized by the constructor. Finally, in February 2023, the SnakeYAML 2.0 release was pushed that resolves this flaw, also referred to as CVE-2022-1471. Let’s break down how this version can help you resolve this critical flaw.

Read Post
code intelligence

How To Do Unit Testing In Java

Feb 8, 2023 By Josh Grant In Code Intelligence
Unit testing is a crucial aspect of software development and helps to ensure that individual units of code are working as intended. In Java, the most popular framework for unit testing is JUnit. In this article, we will go over the basics of how to write and run unit tests in Java using the popular testing framework, as well as some best practices for unit testing.
Read Post
code intelligence

How to Test a Java Application

Jan 24, 2023 By Josh Grant In Code Intelligence
Creating effective test cases and the right testing strategy for Java applications can be a time-consuming and complex task. This is where specialized testing solutions come in. With the right setup, developers can catch bugs early in the development process, before they become more difficult and expensive to fix. Additionally, testing methods can help identify and mitigate security vulnerabilities, which is critical for protecting sensitive data and maintaining the integrity of the application.
Read Post

My New Year's Resolution As A Java Dev | Code Intelligence

Dec 22, 2022 By Code Intelligence In Code Intelligence
Join me on a journey to improve Java development skills and learn about a new software testing approach called fuzz testing. In this series, I'll share my experiences using fuzz testing tools like CI Fuzz, OWASP Zap, OSS-Fuzz, and Jazzer to hunt for bugs and vulnerabilities in Java software. I'll also delve into the world of CVE hunting and best practices for uncovering common web vulnerabilities like Denial of Service and Remote Code Execution. Subscribe to stay updated on new episodes and get access to helpful links, tools, and blog posts. Let's improve our Java skills together!
View Video

Effective Unit Testing for Java Applications: Common Challenges and Solutions | Code Intelligence

Dec 22, 2022 By Code Intelligence In Code Intelligence
In this video, I discuss the challenges of managing dependencies and libraries in Java software development projects and the importance of running unit tests. However, I also dig deeper into the limitations of unit tests and the importance of supplementing them with other forms of testing. In the second part of the video, I introduce fuzz testing as a complementary approach to unit testing and give an example of how I was able to replicate a Remote Code Execution CVE in HyperSQL within just a few minutes, using an open-source fuzz testing tool, called CI Fuzz CLI.
View Video

How to Find Bugs In Java at Scale With CI Fuzz CLI and JUnit | Code Intelligence

Dec 22, 2022 By Code Intelligence In Code Intelligence
In this video, I demonstrate how to use CI Fuzz CLI, a simple and easy-to-use fuzz testing tool, to find unexpected bugs and vulnerabilities in Java software. I walk through the process of setting up and running a fuzz test, including creating a configuration file, adding dependencies to a Maven project, and writing JUnit-compatible fuzz tests. If you're interested in learning more about fuzz testing as a complementary approach to unit testing, this video is for you.
View Video

Copyright © 2024 OpsMatters™. All rights reserved.