A few days ago, security researcher Neil Madden published a blog post, in which he provided details about a newly disclosed vulnerability in Java, CVE-2022-21449 or “Psychic Signatures”. This security vulnerability originates in an improper implementation of the ECDSA signature verification algorithm, introduced in Java 15.
By now, you’re probably all aware of the recent Log4j and Spring Framework vulnerabilities. As a recap, the Log4j vulnerability – made public on December 10, 2021 – was the result of an exploitable logging feature that, if successfully exploited, could allow attackers to perform an RCE (Remote Code Execution) and compromise the affected server.
Several vulnerabilities for Java Spring framework have been disclosed in the last hours and classified as similar as the vulnerability that caused the Log4Shell incident at the end of 2021. However, as of the publishing of this report, the still ongoing disclosures and events on these vulnerabilities suggest they are not as severe as their predecessor.
At the end of March 2022, two critical vulnerabilities (CVE-2022-22963 and CVE-2022-22965) were discovered in different components of VMware Spring. Spring is a popular framework focused on facilitating the development of Java applications, including cloud-based apps, eliminating the need for additional code or concerns related to server requirements.
There are multiple ways to store sensitive passwords. And while having choices can be great, in the context of password storage, picking wrong can be a security nightmare. With that in mind, let’s hash out some of your options 🥁🥁.In this article we’ll discuss how you should hash passwords in your Java applications. While you can apply these principles to any ecosystem, we’ll specifically showcase the best way to handle password hashing in Java.
There are multiple types of encryption and most ecosystems and languages come with many libraries to help you encrypt the data. The question nowadays is, what type of encryption should I pick for the problem. This article will focus on encrypting passwords for Java applications specifically. While we can apply the main principles to any ecosystem, we will explore examples and libraries in Java that are useful for your daily job.
Today we’re pleased to announce an update to our popular Docker and Snyk vulnerability cheat sheet. Since 2020, millions of MacOS and Windows developers have been able to use docker scan to analyze their containers in their local environments as part of their day-to-day development. This capability gives teams feedback at the time of active development for faster cycles.
