Foojay Podcast #58: How Java Developers Can Secure Their Code
Three years after Log4Shell shook the Java world, the same class of problems keeps showing up in production code. Outdated dependencies, SQL injection, deserialization bugs, and forgotten dead code still bite teams that thought they were safe. In this conversation, we dig into the habits and tools that help developers ship safer Java. I host the episode with Brian Vermeer, and we talk with Jonathan Vila and Erik Costlow in Foojay Podcast #58.
What we talked about
- Why Log4Shell still matters years after it landed
- The real cost of running on outdated dependencies
- Who owns dependency updates inside a team
- Using Snyk and Dependabot to keep libraries current
- SQL injection in modern Java code
- Deserialization and logging injection attacks
- The “Trash Pandas” metaphor for unused code that turns into a security risk
- Testing the same code across different environments
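Two of the topics above, SQL injection and logging injection, come down to the same habit: treat untrusted input as data, never as part of a query or a log message's structure. The following Java class is an added example written for this summary, not code from the podcast or its guests. It assumes the H2 in-memory JDBC driver is on the classpath (any JDBC driver behaves the same) and uses a hypothetical `users` table constructed inline.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.ArrayList;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;

/**
 * Added example (not from the episode): a vulnerable SQL lookup beside its
 * parameterised form, plus a log-injection guard. Assumes the H2 driver is on
 * the classpath; the users table is constructed here for the demo.
 */
public class InputHandlingExample {
    private static final Logger LOG = Logger.getLogger(InputHandlingExample.class.getName());

    // Vulnerable: the input is spliced into the query text, so a quote in the
    // input changes the SQL grammar instead of being treated as a value.
    static List<String> findEmailsUnsafe(Connection conn, String username) throws SQLException {
        String sql = "SELECT email FROM users WHERE name = '" + username + "'";
        try (Statement st = conn.createStatement(); ResultSet rs = st.executeQuery(sql)) {
            return collect(rs);
        }
    }

    // Hardened: the query shape is fixed when it is prepared and the input is
    // bound as a parameter, so the driver sends it as data, never as SQL.
    static List<String> findEmailsSafe(Connection conn, String username) throws SQLException {
        String sql = "SELECT email FROM users WHERE name = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, username);
            try (ResultSet rs = ps.executeQuery()) {
                return collect(rs);
            }
        }
    }

    private static List<String> collect(ResultSet rs) throws SQLException {
        List<String> out = new ArrayList<>();
        while (rs.next()) {
            out.add(rs.getString(1));
        }
        return out;
    }

    // Log injection: untrusted text containing CR or LF can forge extra log
    // lines. Escaping the line breaks keeps one event on one line, and passing
    // the text as a parameter (not as the message pattern) keeps it out of any
    // lookup or formatting logic the logging framework applies to patterns.
    static String forLog(String untrusted) {
        return untrusted.replace("\r", "\\r").replace("\n", "\\n");
    }

    static void logLogin(String username) {
        LOG.log(Level.INFO, "login attempt for user={0}", forLog(username));
    }

    public static void main(String[] args) throws SQLException {
        try (Connection conn = DriverManager.getConnection("jdbc:h2:mem:demo")) {
            try (Statement st = conn.createStatement()) {
                st.execute("CREATE TABLE users(name VARCHAR(64), email VARCHAR(128))");
                st.execute("INSERT INTO users VALUES ('alice', 'alice@example.com')");
                st.execute("INSERT INTO users VALUES ('bob', 'bob@example.com')");
            }
            // A perfectly legitimate name containing a quote: the bound query
            // simply finds no match, while the concatenated one is no longer
            // valid SQL and the driver rejects it.
            String oddName = "o'neil";
            System.out.println("safe lookup: " + findEmailsSafe(conn, oddName));
            try {
                findEmailsUnsafe(conn, oddName);
            } catch (SQLException e) {
                System.out.println("unsafe lookup rejected: " + e.getMessage());
            }
            // Constructed input with an embedded newline stays on a single log line.
            logLogin("alice\nFAKE LINE admin logged in");
        }
    }
}
```

The point of the `o'neil` case is that the unsafe version fails on honest data before anyone hostile shows up; a query that breaks on a quote is the same query that can be bent by one. Reviewing for `Statement` plus string concatenation, and for log calls that build the message by concatenating request data, is a cheap check to add to code review or to a static-analysis rule set.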
What stood out
The conversation keeps coming back to one idea. Security is not a separate task you bolt on at the end. It lives in the small daily choices about dependencies, code you keep around, and the inputs you trust.
See the Foojay Podcast #58 for all info, shownotes, links, etc.