
EPISODE · Sep 28, 2024 · 55 MIN

How Java Developers Can Secure Their Code (#58)

from Foojay.io, the Friends Of OpenJDK! · host Foojay.io | Java and Programming Community

Three years after Log4Shell caused a significant security issue, we still struggle with insecure dependencies and injection problems. In this podcast, we'll discuss how developers can secure their code. I talked with three authors who posted a security and code quality post on Foojay.io.

Guests

Jonathan Vila
    https://www.linkedin.com/in/jonathanvila/
    https://about.me/jonathan.vila
    https://twitter.com/jonathan_vila

Brian Vermeer
    https://www.linkedin.com/in/brianvermeer/
    https://brianvermeer.nl/
    https://twitter.com/BrianVerm

Erik Costlow
    https://www.linkedin.com/in/costlow/
    https://twitter.com/costlow

Content

00:00 Introduction of topic and guests
01:35 Brian: Why is Log4Shell still around?
    https://foojay.io/today/the-persistent-threat-why-major-vulnerabilities-like-log4shell-and-spring4shell-remain-significant/
03:24 Outdated dependencies are still used a lot
04:31 Who is responsible for dependency updates?
07:55 Snyk tools to help discover issues
10:15 Comparing to Dependabot
11:21 How to keep dependencies up-to-date
14:32 Responsibility to use dependencies with care
17:17 Looking forward to the JFall conference
18:48 About Foojay
19:49 Jonathan: Is SQL injection still a problem?
    https://foojay.io/today/top-security-flaws-hiding-in-your-code-right-now-and-how-to-fix-them/
24:50 Deserialization injection
27:30 Logging injection
31:22 Even experienced developers make mistakes
33:17 About Sonar tools
35:53 Other articles by Jonathan
    https://foojay.io/today/author/jonathan-vila/
    https://foojay.io/today/ensuring-the-right-usage-of-java-21-new-features/
38:20 Other security tools
    https://www.youtube.com/watch?v=-wVCYj8oQUY
39:47 Erik: Trash Pandas are attracted by unused code
    https://foojay.io/today/trash-pandas-love-enterprise-java-garbage-code/
43:01 How bad are insecure but unused libraries?
45:16 Problem of code only used by unit tests
47:15 Testing in different layers (develop, test, production)
49:31 How much code is not used in production?
50:31 How code becomes unused
    https://foojay.io/today/foojay-podcast-57/
54:29 Conclusions



