EPISODE · Sep 28, 2024 · 55 MIN
How Java Developers Can Secure Their Code (#58)
from Foojay.io, the Friends Of OpenJDK! · host Foojay.io | Java and Programming Community
Three years after Log4Shell caused a significant security issue, we still struggle with insecure dependencies and injection problems. In this podcast, we'll discuss how developers can secure their code. I talked with three authors who posted a security and code quality post on Foojay.io.

Guests
Jonathan Vila: https://www.linkedin.com/in/jonathanvila/ | https://about.me/jonathan.vila | https://twitter.com/jonathan_vila
Brian Vermeer: https://www.linkedin.com/in/brianvermeer/ | https://brianvermeer.nl/ | https://twitter.com/BrianVerm
Erik Costlow: https://www.linkedin.com/in/costlow/ | https://twitter.com/costlow

Content
00:00 Introduction of topic and guests
01:35 Brian: Why is Log4Shell still around? https://foojay.io/today/the-persistent-threat-why-major-vulnerabilities-like-log4shell-and-spring4shell-remain-significant/
03:24 Outdated dependencies are still used a lot
04:31 Who is responsible for dependency updates?
07:55 Snyk tools to help discover issues
10:15 Comparing to Dependabot
11:21 How to keep dependencies up-to-date
14:32 Responsibility to use dependencies with care
17:17 Looking forward to the JFall conference
18:48 About Foojay
19:49 Jonathan: Is SQL injection still a problem? https://foojay.io/today/top-security-flaws-hiding-in-your-code-right-now-and-how-to-fix-them/
24:50 Deserialization injection
27:30 Logging injection
31:22 Even experienced developers make mistakes
33:17 About Sonar tools
35:53 Other articles by Jonathan: https://foojay.io/today/author/jonathan-vila/ | https://foojay.io/today/ensuring-the-right-usage-of-java-21-new-features/
38:20 Other security tools https://www.youtube.com/watch?v=-wVCYj8oQUY
39:47 Erik: Trash Pandas are attracted by unused code https://foojay.io/today/trash-pandas-love-enterprise-java-garbage-code/
43:01 How bad are insecure but unused libraries?
45:16 Problem of code only used by unit tests
47:15 Testing in different layers (develop, test, production)
49:31 How much code is not used in production?
50:31 How code becomes unused https://foojay.io/today/foojay-podcast-57/
54:29 Conclusions
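As an added example, not code from the episode or from any of the guests' articles: the two injection classes named in Jonathan's segment, SQL injection (19:49) and logging injection (27:30), shown in Java with the vulnerable form beside the hardened one. The in-memory H2 database URL, the app_user table and its rows are assumptions constructed for the demo; the H2 JDBC driver is assumed to be on the classpath.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

// Added example (not from the episode). Assumes an H2 in-memory database
// reachable at jdbc:h2:mem:demo; the table and rows are constructed below.
public class InjectionDemo {

    // VULNERABLE: untrusted input is concatenated into the query text, so the
    // input can change the query's structure, not just its values.
    static int countUsersUnsafe(Connection c, String name) throws SQLException {
        String sql = "SELECT COUNT(*) FROM app_user WHERE name = '" + name + "'";
        try (Statement st = c.createStatement(); ResultSet rs = st.executeQuery(sql)) {
            rs.next();
            return rs.getInt(1);
        }
    }

    // HARDENED: the query shape is fixed at compile time; the input travels as a
    // bound parameter and can only ever be compared as a string value.
    static int countUsersSafe(Connection c, String name) throws SQLException {
        String sql = "SELECT COUNT(*) FROM app_user WHERE name = ?";
        try (PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setString(1, name);
            try (ResultSet rs = ps.executeQuery()) {
                rs.next();
                return rs.getInt(1);
            }
        }
    }

    // Log injection: untrusted text containing CR/LF can forge additional log
    // lines. Escape line breaks and other control characters before the value
    // reaches the logger, so one event stays on one line.
    static String sanitizeForLog(String s) {
        StringBuilder sb = new StringBuilder(s.length());
        for (char ch : s.toCharArray()) {
            if (ch == '\r') {
                sb.append("\\r");
            } else if (ch == '\n') {
                sb.append("\\n");
            } else if (Character.isISOControl(ch)) {
                sb.append(String.format("\\u%04x", (int) ch));
            } else {
                sb.append(ch);
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) throws SQLException {
        try (Connection c = DriverManager.getConnection("jdbc:h2:mem:demo")) {
            try (Statement st = c.createStatement()) {
                st.execute("CREATE TABLE app_user (name VARCHAR(64))");
                st.execute("INSERT INTO app_user VALUES ('alice'), ('bob')");
            }
            // Classic tautology payload: closes the string literal and appends OR '1'='1'.
            String payload = "x' OR '1'='1";
            // Concatenation: the tautology matches every row in the table.
            System.out.println("unsafe count: " + countUsersUnsafe(c, payload));
            // Bound parameter: only a user literally named x' OR '1'='1 would match.
            System.out.println("safe count:   " + countUsersSafe(c, payload));
        }

        // Constructed attacker-controlled username carrying an embedded newline
        // that would otherwise appear as a second, forged INFO line in the log.
        String forged = "alice\nINFO login succeeded for admin";
        System.out.println("login failed for user=" + sanitizeForLog(forged));
    }
}
```

The same two rules carry over to the frameworks most Java services use: with JPA or Spring Data, keep untrusted input in named parameters rather than in a built-up JPQL string, and with Log4j or Logback prefer parameterised logging plus an encoder or layout that neutralises line breaks, since the sanitiser above only covers the call sites where it is applied.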