Foojay.io, the Friends Of OpenJDK!

How Java Developers Can Secure Their Code (#58)

Three years after Log4Shell caused a significant security issue, we still struggle with insecure dependencies and injection problems. In this podcast, we'll discuss how developers can secure their code. I talked with three authors who each published a post about security and code quality on Foojay.io.

Guests

    Jonathan Vila  
        https://www.linkedin.com/in/jonathanvila/ 
        https://about.me/jonathan.vila 
        https://twitter.com/jonathan_vila 

    Brian Vermeer
        https://www.linkedin.com/in/brianvermeer/ 
        https://brianvermeer.nl/ 
        https://twitter.com/BrianVerm 

    Erik Costlow  
        https://www.linkedin.com/in/costlow/  
        https://twitter.com/costlow  

Content

00:00 Introduction of topic and guests

01:35 Brian: Why is Log4Shell still around?
   https://foojay.io/today/the-persistent-threat-why-major-vulnerabilities-like-log4shell-and-spring4shell-remain-significant/  
03:24 Outdated dependencies are still used a lot
04:31 Who is responsible for dependency updates?
07:55 Snyk tools to help discover issues
10:15 Comparing to Dependabot
11:21 How to keep dependencies up-to-date
14:32 Responsibility to use dependencies with care
17:17 Looking forward to the JFall conference  
18:48 About Foojay  

19:49 Jonathan: Is SQL injection still a problem?
   https://foojay.io/today/top-security-flaws-hiding-in-your-code-right-now-and-how-to-fix-them/ 
24:50 Deserialization injection
27:30 Logging injection
31:22 Even experienced developers make mistakes
33:17 About Sonar tools
35:53 Other articles by Jonathan
   https://foojay.io/today/author/jonathan-vila/ 
   https://foojay.io/today/ensuring-the-right-usage-of-java-21-new-features/
38:20 Other security tools
   https://www.youtube.com/watch?v=-wVCYj8oQUY

39:47 Erik: Trash Pandas are attracted by unused code
   https://foojay.io/today/trash-pandas-love-enterprise-java-garbage-code/  
43:01 How bad are insecure but unused libraries?
45:16 Problem of code only used by unit tests
47:15 Testing in different layers (develop, test, production)
49:31 How much code is not used in production?
50:31 How code becomes unused
   https://foojay.io/today/foojay-podcast-57/

54:29 Conclusions
