Java Deserialization Attacks: Understanding and Preventing a Silent Killer

Most developers think of SQL injection, cross-site scripting, or authentication flaws when building secure Java applications. But lurking in the background is a critical, subtle and dangerous vulnerability: deserialization attacks. In fact, this class of issues is recognised by OWASP as part of the Top 10:2021 security risks, specifically under #8: Software and Data Integrity […]

Understanding XXE Attacks in Java: A Hidden Risk in XML Processing

Security misconfiguration ranks as #5 in the OWASP Top 10 (2021) — and XML External Entity (XXE) vulnerabilities are a textbook example of this issue. While XML remains a foundational data format in many Java applications, improper configuration of XML parsers can expose serious security holes. XXE attacks are often overlooked but can lead to […]

Path Traversal via File Upload in Java: What You Need to Know

File uploads are a common feature in many web applications, but they can be a serious security risk if not handled properly. One of the lesser-known (but highly dangerous) vulnerabilities is Path Traversal via File Upload. It’s a variation of an insecure file upload, which directly contributes to Broken Access Control, the #1 security risk […]

What are Java 8 Streams?

A stream is a sequence of elements from a source, such as a collection, that supports aggregate operations. Streams were introduced in Java 8 and provide a functional programming interface that follows the Monad design pattern. Basically, they get rid of the iteration boilerplate code and create a chain of query methods to get the […]

Java 8 Interface – Default and static methods

Since Java 8 it’s possible to add default and static methods to interfaces. Thanks to these new methods, it’s no longer necessary to implement the method in every class: the interface already provides the implementation. In previous versions, an interface could have abstract methods only. Default Method: The default method has the default signature. It provides […]

Jersey Injection Facade

In version 2.26 Jersey started to make its codebase independent of any injection framework. This means that the user has to provide the injection framework that should be used. The HK2 injection framework is completely supported; other frameworks such as CDI or Guice will follow. You may therefore run into the following issue […]