Java

Vulnerabilities

Issued by: CSO

The Java programming language offers a seamless and elegant way to store and retrieve data. However, without proper input validation and safeguards in place, your application can be vulnerable to unsafe deserialization vulnerabilities. In a best-case scenario, deserialization vulnerabilities may simply cause data corruption or application crashes, leading to a denial of service (DoS) condition….

Malware & Threats

Issued by: Security Week

A Java-based web framework, Apache OFBiz is an open source enterprise resource planning (ERP) system that includes a suite of applications to automate business processes within enterprise environments, and which can be used across any industry. OFBiz is one of the platforms that was affected by a Java serialization vulnerability identified and reported in 2015,…

Vulnerabilities

Issued by: CIO Security

Java and Python FTP attacks can punch holes through firewalls

The Java and Python runtimes fail to properly validate FTP URLs, which can potentially allow attackers to punch holes through firewalls to access local networks. On Saturday, security researcher Alexander Klink disclosed an interesting attack where exploiting an XXE (XML External Entity) vulnerability in a Java application can be used to send emails.

Application Security

Issued by: CIO Security

RASP rings in a new Java application security paradigm

Runtime Application Self Protection (RASP) is a next-generation cyber security technology designed to redress some of the weak points of application security. Unlike firewalls or code analysis, runtime-based technologies contain application data and contextual awareness, enabling them to be both precise and preemptive. In this article I introduce RASP. I’ll briefly compare RASP to other…