Brian Vermeer (51 articles)
Contents: Video; Podcast (Audio only); Content. On May 13th and 14th, Foojay attended the JCON conference in Köln, Germany, where we did over 30 live-stream interviews. In this episode, we present to you the first set of these interviews, in …



- Brian Vermeer
- Frank Delporte
- Baruch Sadogursky
- Markus Westergren
- Richard Fichtner
What is RAG, and How to Secure It
Contents: Why use RAG; How RAG Works; 1. Retrieval; 2. Generation; Security implications of using RAG; Prompt injection through retrieved content; Data poisoning; Access control gaps in retrieval; Leaking PII to third-party models; Caching risks and session bleed; Contradictory or low-quality information; Proactive and remediation strategies for securing RAG; Sanitize …
- Brian Vermeer
Path Traversal Vulnerability in Deep Java Library (DJL) and Its Impact on Java AI Development
Contents: CVE-2025-0851 explained; Absolute Path Traversal; Remediation. Deep Java Library (DJL) is an open source deep learning framework that brings AI capabilities to Java developers without requiring a shift to Python. It provides an intuitive, high-level API for building, training, …
Creating SBOMs with the Snyk CLI
Contents: What are SBOMs?; Why do we need SBOMs?; Creating SBOMs with the Snyk CLI; Installing the Snyk CLI; Generate SBOMs using the Snyk CLI; Multiple projects; Automating SBOM generation with the Snyk CLI; Analyzing SBOMs; Snyk CLI SBOM Test; Supplying up-to-date SBOMs with Snyk. The software …
- Brian Vermeer
Foojay Podcast #58: How Java Developers Can Secure Their Code
Contents: Video; Podcast (audio only); Guests (Jonathan Vila, Brian Vermeer, Erik Costlow); Content. Three years after Log4Shell caused a significant security issue, we still struggle with insecure dependencies and injection problems. In this podcast, we’ll discuss how developers can secure their code. I talked …
- Brian Vermeer
- Erik Costlow
- Frank Delporte
- Jonathan Vila
The Persistent Threat: Why Major Vulnerabilities Like Log4Shell and Spring4Shell Remain Significant
Contents: The developer’s dilemma; The current state of Log4shell; More than 20% of companies are still vulnerable to Log4shell; Spring4Shell in the wild; Wakeup call to all who maintain applications. This article was originally published at Snyk.io. As developers, we’re constantly juggling …
Four Easy Ways to Analyze your Java and Kotlin Code for Security Problems
Nowadays, the security of your applications is just as important as the functionality they provide.
Securing Symmetric Encryption Algorithms in Java
Encryption converts readable data (plaintext) into unreadable data (ciphertext), ensuring that even if the encrypted data is intercepted, it remains inaccessible to unauthorized individuals.
Handling security vulnerabilities in Spring Boot
Keeping your dependencies in check is crucial to ensure that your Spring Boot projects run smoothly and remain resilient in the face of ever-evolving threats.
Using JLink to create smaller Docker images for your Spring Boot Java application
An in-depth exploration of utilizing JLink to optimize Docker image sizes, enhancing application security and performance.
SnakeYaml 2.0: Solving the unsafe deserialization vulnerability
In December of last year, we reported CVE-2022-1471 to you. This unsafe deserialization problem could easily lead to arbitrary code execution.