Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Java

Snyk

Unsafe deserialization vulnerability in SnakeYaml (CVE-2022-1471)

Dec 13, 2022 By Brian Vermeer In Snyk

SnakeYaml is a well-known YAML 1.1 parser and emitter for Java. Recently, a vulnerability — CVE-2022-1471 — was reported for this package. This vulnerability can lead to arbitrary code execution. The org.yaml:snakeyaml package is widely used in the Java ecosystem, in part because it is packaged by default with Spring Boot in the spring-boot-starter.

Read Post
code intelligence

How to Fuzz Java with CI Fuzz CLI

Dec 9, 2022 By Josh Grant In Code Intelligence

All software has bugs, and some can be difficult to find or reproduce. However, not all approaches to bug-finding need to be difficult to use! Fuzzing is an undeniably effective approach to finding security issues and bugs in software projects, however, tools can be complex to set up and execute. CI Fuzz CLI (open-source), automates the parts that make fuzzing complex, giving its users the look and feel of a unit test.

Read Post
code intelligence

Build Secure Java Applications with Fuzz Testing

Nov 29, 2022 By Markus Zoppelt In Code Intelligence

Today, I want to show you a way how to increase the integrity and functionality of your Java applications, with fuzz testing. This awesome testing approach has done me great service for building more secure Java applications, and it's basically as simple as unit testing. In this article, I will share how you can apply fuzz testing to your own code. And the best part: all code examples and tools I will use are 100% open-source.

Read Post

Fuzzing Java Applications With CI Fuzz | Gradle

Nov 29, 2022 By Code Intelligence In Code Intelligence
In this tutorial, I will show you how to set up and run a fuzz test on a Java application, with the CI Fuzz CLI using the Gradle integration. The CI Fuzz CLI is an easy-to-use fuzzing tool, that enables you to integrate and run fuzz tests directly from your command line. I chose this tool for this tutorial, on how to set up a fuzz test, as it is particularly user-friendly, and as it allows developers to set up and run a fuzz test with only three commands.
View Video

Fuzzing Java Applications With CI Fuzz | Maven

Nov 29, 2022 By Code Intelligence In Code Intelligence
In this tutorial, I will show you how to set up and run a fuzz test on a Java application, with the CI Fuzz CLI using the Maven integration. The CI Fuzz CLI is an easy-to-use fuzzing tool, that enables you to integrate and run fuzz tests directly from your command line. I chose this tool for this tutorial, on how to set up a fuzz test, as it is particularly user-friendly, and as it allows developers to set up and run a fuzz test with only three commands.
View Video

Stranger Danger: Your Java Attack Surface Just Got Bigger

Nov 23, 2022 By Snyk In Snyk
Building Java applications today means that we take a step further from writing code. We use open-source dependencies, create a Dockerfile to deploy containers to the cloud, and orchestrate this infrastructure with Kubernetes. Welcome, you're a cloud native application developer! As developers, our responsibility broadened, and more software means more software security concerns for us to address.
View Video
Snyk

Writing unit tests in Java

Nov 18, 2022 By Lewis Gavin In Snyk

Testing is a crucial best practice when developing software. Unit testing is one of the numerous strategies we can use to ensure our code is functional and optimal. As developers, we can code unit tests to check individual components (units) of the application code, such as a specific method. The idea is to write one or more unit tests for each code section and run them every time a change is made to catch defects as soon as they are introduced into the codebase.

Read Post
Snyk

How Atlassian used Snyk to solve Log4Shell

Nov 16, 2022 By Sarah Conway In Snyk

Snyk recently launched a multi-day live hack series with AWS, where experts demonstrated exploits in real-time and explained how to defend against those vulnerabilities. This series helped viewers discover new ways to improve security across the application stack for AWS workloads. As part of the series, Micah Silverman (Director of Developer Relations, Snyk) and Chris Walz (Senior Security Engineer, Atlassian) discussed Log4Shell.

Read Post
Subscribe to Java

Copyright © 2024 OpsMatters™. All rights reserved.