How Java Developers Can Secure Their Code (#58)

Foojay.io, the Friends Of OpenJDK!

Contenu fourni par Foojay.io. Tout le contenu du podcast, y compris les épisodes, les graphiques et les descriptions de podcast, est téléchargé et fourni directement par Foojay.io ou son partenaire de plateforme de podcast. Si vous pensez que quelqu'un utilise votre œuvre protégée sans votre autorisation, vous pouvez suivre le processus décrit ici https://fr.player.fm/legal.

1y ago 55:06

MP3•Maison d'episode

Three years after Log4Shell caused a significant security issue, we still struggle with insecure dependencies and injection problems. In this podcast, we'll discuss how developers can secure their code. I talked with three authors who posted a security and code quality post on Foojay.io.
Guests
Jonathan Vila
https://www.linkedin.com/in/jonathanvila/
https://about.me/jonathan.vila
https://twitter.com/jonathan_vila
Brian Vermeer
https://www.linkedin.com/in/brianvermeer/
https://brianvermeer.nl/
https://twitter.com/BrianVerm
Erik Costlow
https://www.linkedin.com/in/costlow/
https://twitter.com/costlow
Content
00:00 Introduction of topic and guests
01:35 Brian: Why is Log4Shell still around?
https://foojay.io/today/the-persistent-threat-why-major-vulnerabilities-like-log4shell-and-spring4shell-remain-significant/
03:24 Outdated dependencies are still used a lot
04:31 Who is responsible for dependency updates?
07:55 Snyk tools to help discover issues
10:15 Comparing to Dependabot
11:21 How to keep dependencies up-to-date
14:32 Responsibility to use dependencies with care
17:17 Looking forward to the JFall conference
18:48 About Foojay
19:49 Jonathan: Is SQL injection still a problem?
https://foojay.io/today/top-security-flaws-hiding-in-your-code-right-now-and-how-to-fix-them/
24:50 Deserialization injection
27:30 Logging injection
31:22 Even experienced developers make mistakes
33:17 About Sonar tools
35:53 Other articles by Jonathan
https://foojay.io/today/author/jonathan-vila/
https://foojay.io/today/ensuring-the-right-usage-of-java-21-new-features/
38:20 Other security tools
https://www.youtube.com/watch?v=-wVCYj8oQUY
39:47 Erik: Trash Pandas are attracted by unused code
https://foojay.io/today/trash-pandas-love-enterprise-java-garbage-code/
43:01 How bad are insecure but unused libraries?
45:16 Problem of code only used by unit tests
47:15 Testing in different layers (develop, test, production)
49:31 How much code is not used in production?
50:31 How code becomes unused
https://foojay.io/today/foojay-podcast-57/
54:29 Conclusions

89 episodes

#Tech #Foojay.io #Java #Software #Technology #Javafx #Javaee #Kotlin #Security #Microservices #Springs #DevOps

How Java Developers Can Secure Their Code (#58)

Foojay.io, the Friends Of OpenJDK!

published 1y ago

MP3•Maison d'episode

89 episodes

#Tech #Foojay.io #Java #Software #Technology #Javafx #Javaee #Kotlin #Security #Microservices #Springs #DevOps

모든 에피소드

Bienvenue sur Lecteur FM!

Lecteur FM recherche sur Internet des podcasts de haute qualité que vous pourrez apprécier dès maintenant. C'est la meilleure application de podcast et fonctionne sur Android, iPhone et le Web. Inscrivez-vous pour synchroniser les abonnements sur tous les appareils.

Écoutez plus de 500 sujets

Similaire à Foojay.io, the Friends Of OpenJDK!

Podcasts qui valent la peine d'être écoutés

Foojay.io, the Friends Of OpenJDK! « » How Java Developers Can Secure Their Code (#58)

How Java Developers Can Secure Their Code (#58)

Podcasts qui valent la peine d'être écoutés

Bienvenue sur Lecteur FM!

Similaire à Foojay.io, the Friends Of OpenJDK!

Guide de référence rapide

Foojay.io, the Friends Of OpenJDK! « »
How Java Developers Can Secure Their Code (#58)