How to Upgrade Debian Bullseye to Bookworm

Debian released its new stable version, 12, in June 2023. The codename this time is Bookworm, after the little green worm from Toy Story. If you run Debian 11 (Bullseye), you still have security support until mid-2026, although from August 2024 onward only through the Debian LTS project rather than the regular security team. Those who don’t want to wait can follow this tutorial for the upgrade. Prerequisites […]

Java Deserialization Attacks: Understanding and Preventing a Silent Killer

Most developers think of SQL injection, cross-site scripting, or authentication flaws when building secure Java applications. But lurking in the background is a subtler and equally dangerous class of vulnerability: insecure deserialization, where an application turns attacker-controlled bytes back into objects and thereby lets the attacker pick which classes get instantiated. OWASP recognises this class of issues in the Top 10:2021 security risks, specifically under #8: Software and Data Integrity […]
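The core mitigation for native Java serialization is an allow-list deserialization filter (JEP 290, Java 9 and later). The following is an added example, not code from the post above: it serializes one class the application expects and one it does not, and shows that an unfiltered ObjectInputStream accepts both while a filtered one rejects the unexpected class before it is instantiated. The class names, the filter pattern and the resource limits are this example's own assumptions.

```java
import java.io.*;

public class DeserializationFilterDemo {

    // The one type this demo's application legitimately expects on the wire (assumed).
    static class Order implements Serializable {
        private static final long serialVersionUID = 1L;
        final String item;
        final int qty;
        Order(String item, int qty) { this.item = item; this.qty = qty; }
    }

    // Stand-in for any other Serializable class an attacker could place in the stream.
    static class Unexpected implements Serializable {
        private static final long serialVersionUID = 1L;
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    // Vulnerable: instantiates whatever class the incoming bytes name.
    static Object readUnfiltered(byte[] bytes) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            return ois.readObject();
        }
    }

    // Hardened: allow-list filter. Only Order and classes from the java.base module pass,
    // "!*" rejects everything else, and the limits bound depth/references/bytes while parsing.
    static final ObjectInputFilter FILTER = ObjectInputFilter.Config.createFilter(
            "DeserializationFilterDemo$Order;java.base/*;!*;maxdepth=8;maxrefs=256;maxbytes=65536");

    static Object readFiltered(byte[] bytes) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            ois.setObjectInputFilter(FILTER);
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs: one expected object, one the application never asked for.
        byte[] good = serialize(new Order("book", 2));
        byte[] bad = serialize(new Unexpected());

        System.out.println("unfiltered accepts: " + readUnfiltered(bad).getClass().getName());
        System.out.println("filtered accepts:   " + readFiltered(good).getClass().getName());
        try {
            readFiltered(bad);
        } catch (InvalidClassException e) {
            // Rejected by the filter before any constructor or readObject of Unexpected runs.
            System.out.println("filtered rejects:   " + e.getMessage());
        }
    }
}
```

The filter runs before a class is resolved, so a rejected class never executes gadget-chain code. The same pattern syntax can be applied process-wide with the `jdk.serialFilter` system property, which is the safer default when third-party code also deserializes.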

Understanding XXE Attacks in Java: A Hidden Risk in XML Processing

Security misconfiguration ranks as #5 in the OWASP Top 10 (2021), and XML External Entity (XXE) vulnerabilities are a textbook example of it. XML is still a foundational data format in many Java applications, but a parser left at its default settings resolves DOCTYPE declarations and external entities, so an attacker who controls an XML document can make the server read local files or contact internal hosts. XXE attacks are often overlooked but can lead to […]

Path Traversal via File Upload in Java: What You Need to Know

File uploads are a common feature in many web applications, but they can be a serious security risk if not handled properly. One of the lesser-known but highly dangerous vulnerabilities is Path Traversal via File Upload: if the server builds the destination path from a client-supplied file name, sequences such as ../ let the attacker write the file outside the intended upload directory. It is a variation of an insecure file upload, which directly contributes to Broken Access Control, the #1 security risk […]
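The check a practitioner would want, as an added example that is not code from the post above: the weak version resolves the client's file name directly under the upload root, the hardened version rejects separators and unexpected characters and then verifies that the normalized result still lies inside the root. The upload directory, the allow-list pattern and the sample file names are this example's own assumptions.

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.regex.Pattern;

public class UploadPathCheck {

    // Assumed upload directory for this demo; a real service reads it from configuration.
    static final Path UPLOAD_ROOT = Paths.get("/var/app/uploads").toAbsolutePath().normalize();

    // Allow-list for names we are willing to create on disk. A leading alphanumeric
    // also keeps dotfiles such as .htaccess out.
    static final Pattern SAFE_NAME = Pattern.compile("[A-Za-z0-9][A-Za-z0-9._-]{0,127}");

    // Weak: the client-supplied name is used as-is, so "../../../etc/cron.d/job" escapes the root.
    static Path weakTarget(String clientFileName) {
        return UPLOAD_ROOT.resolve(clientFileName).normalize();
    }

    // Hardened: reject anything that is not a plain file name, then check containment.
    static Path safeTarget(String clientFileName) {
        if (clientFileName == null || clientFileName.indexOf('\0') >= 0
                || clientFileName.indexOf('/') >= 0 || clientFileName.indexOf('\\') >= 0) {
            throw new IllegalArgumentException("file name must not contain path separators");
        }
        if (!SAFE_NAME.matcher(clientFileName).matches()) {
            throw new IllegalArgumentException("file name contains disallowed characters");
        }
        Path target = UPLOAD_ROOT.resolve(clientFileName).normalize();
        // Path.startsWith compares whole name elements, so "/var/app/uploads2" does not
        // count as inside "/var/app/uploads". Whatever the checks above missed ends here.
        if (!target.startsWith(UPLOAD_ROOT) || target.equals(UPLOAD_ROOT)) {
            throw new IllegalArgumentException("resolved path escapes the upload directory");
        }
        return target;
    }

    public static void main(String[] args) {
        // Constructed inputs: an honest name, a classic traversal, a bare "..", and a space.
        String[] names = { "report.pdf", "../../../etc/cron.d/job", "..", "a b.txt" };
        for (String n : names) {
            System.out.println("weak: " + n + " -> " + weakTarget(n));
            try {
                System.out.println("safe: " + n + " -> " + safeTarget(n));
            } catch (IllegalArgumentException e) {
                System.out.println("safe: " + n + " -> rejected (" + e.getMessage() + ")");
            }
        }
    }
}
```

Rejecting rather than "cleaning" a suspicious name is deliberate: silently stripping ../ invites double-encoding and mixed-separator tricks, and the final startsWith check stays as a last line of defence even if the validation is later relaxed.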

SQL Injection in Java: Still a Threat — Here’s How to Stop It

Data breaches are alarmingly frequent, and they are often caused by vulnerabilities in web applications. One of the most notorious and dangerous of these is SQL Injection. Injection attacks (which include SQL Injection) are ranked #3 in the OWASP Top Ten 2021, which shows how critical and widespread this problem remains even after years of awareness. SQL Injection allows attackers […]
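The vulnerable snippet beside its hardened form, as an added example that is not code from the post above: the concatenated query lets the input `' OR '1'='1` rewrite the WHERE clause and return every row, while the PreparedStatement sends the same input as a plain value and matches nothing. The table, the rows and the JDBC URL are constructed for this demo; it assumes a JDBC driver on the classpath, for instance H2 with `jdbc:h2:mem:demo`.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class SqlInjectionDemo {

    // Constructed attacker input: closes the string literal and appends an always-true clause.
    static final String MALICIOUS_USERNAME = "' OR '1'='1";

    // Vulnerable: string concatenation lets the input become part of the SQL text.
    static String buildVulnerableQuery(String username) {
        return "SELECT id, username FROM users WHERE username = '" + username + "'";
    }

    static int countVulnerable(Connection c, String username) throws SQLException {
        try (Statement st = c.createStatement();
             ResultSet rs = st.executeQuery(buildVulnerableQuery(username))) {
            int n = 0;
            while (rs.next()) n++;
            return n;
        }
    }

    // Fixed: the query text is fixed and the value travels as a bound parameter,
    // so the quote in the input is just a character of the username being looked up.
    static int countSafe(Connection c, String username) throws SQLException {
        try (PreparedStatement ps = c.prepareStatement(
                "SELECT id, username FROM users WHERE username = ?")) {
            ps.setString(1, username);
            try (ResultSet rs = ps.executeQuery()) {
                int n = 0;
                while (rs.next()) n++;
                return n;
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        // Assumed JDBC URL; pass another one (e.g. "jdbc:sqlite::memory:") as the first argument.
        String url = args.length > 0 ? args[0] : "jdbc:h2:mem:demo";
        try (Connection c = DriverManager.getConnection(url);
             Statement st = c.createStatement()) {
            st.execute("CREATE TABLE users (id INT PRIMARY KEY, username VARCHAR(64))");
            st.execute("INSERT INTO users VALUES (1, 'alice'), (2, 'bob'), (3, 'carol')");

            System.out.println("SQL sent by vulnerable code: " + buildVulnerableQuery(MALICIOUS_USERNAME));
            System.out.println("rows via concatenation:      " + countVulnerable(c, MALICIOUS_USERNAME));
            System.out.println("rows via PreparedStatement:  " + countSafe(c, MALICIOUS_USERNAME));
        }
    }
}
```

Parameters can only stand in for values, not for identifiers or keywords; a table or column name that comes from the client still has to be validated against an allow-list before it is spliced into the statement.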

CVE-2021-44228 Log4Shell Vulnerability in SAP Commerce Cloud on Premise

A lot of companies face the issue with the Log4Shell vulnerability at the moment. It is possible to exploit the log4j library Version Apache log4j <= 2.14.1 and run any (malicious) code from a remote machine. Unfortunately, there is still no official answer from SAP, therefore I want to share my knowledge on how to […]

VirtualBox | Free Up Disk Space on Debian Guest

Do you know the feeling when a pop-up reminds you to clean up your hard disk? Today it happened to me, and I checked the disk manager. I saw that my virtual machines use a lot of space, so I decided to clean them up, and I want to show you […]

Git Secret Tutorial

git-secret is a tool that encrypts files inside a Git repository with the GPG keys of the people who are allowed to read them. It lets you grant another person access to a file and revoke that access again, so secrets stay confidential and can be shared only among authorized people. Without such a tool you would need to keep the secrets out of your version control system […]

Git | How to use the revert command

Today, I want to describe how to revert a commit in Git. The revert command creates a new commit that undoes the changes of an earlier commit, leaving the history intact; it is usually used to “take back” a commit. For example, if a commit does not fix a bug, you can revert it and create a new commit that fixes the issue properly. Let’s create a small example. I create […]

Git | Moving Repository from BitBucket to GitHub

Moving a repository from BitBucket to GitHub is usually not hard. I will give you step-by-step instructions to achieve your goal. With these instructions, you can also move in the other direction or to any other repository host. But you have to change the repository host and your user to […]
