BBC Radio 5 live’s award winning gaming podcast, discussing the world of video games and games culture.
…
continue reading
محتوای ارائه شده توسط Foojay.io. تمام محتوای پادکست شامل قسمتها، گرافیکها و توضیحات پادکست مستقیماً توسط Foojay.io یا شریک پلتفرم پادکست آنها آپلود و ارائه میشوند. اگر فکر میکنید شخصی بدون اجازه شما از اثر دارای حق نسخهبرداری شما استفاده میکند، میتوانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal
مشابه Foojay.io, the Friends Of OpenJDK!
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
5k
200
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
Best Business Podcast (Gold), British Podcast Awards 2023 How do you build a fully electric motorcycle with no compromises on performance? How can we truly experience what the virtual world feels like? What does it take to design the first commercially available flying car? And how do you build a lightsaber? These are some of the questions this podcast answers as we share the moments where digital transforms physical, and meet the brilliant minds behind some of the most innovative products a ...
…
continue reading
Material is a weekly discussion about the Google and Android universe. Your intrepid hosts try to answer the question, “What holds up the digital world?” The answer, so far, is that it’s Google all the way down. Hosted by Andy Ihnatko and Florence Ion.
…
continue reading
The power of Data is undeniable. And unharnessed - it’s nothing but chaos. Making data your ally. Using it to lead with confidence and clarity. Host Jess Carter is solving problems in real-time to reveal what’s possible. Helping communities and people thrive. This is Data Driven Leadership, a show brought to you by Resultant.
…
continue reading
TechStuff is getting a system update. Everything you love about Tech Stuff now twice the bandwidth with new hosts, Oz Woloshyn (Sleepwalkers) and Karah Preiss (Sleepwalkers). Oz and Karah bring humour and wit to the table as they break down what's happening in tech...and what it says about us. TechStuff is the podcast where technology meets culture. We speak to the folks building the future to understand what tomorrow will look like and how our technology is changing us: how we live, how we ...
…
continue reading
The internet is broken—but it doesn’t have to be. If you’re concerned about how surveillance, online advertising, and automated content moderation are hurting us online and offline, the Electronic Frontier Foundation’s How to Fix the Internet podcast offers a better way forward. EFF has been defending your rights online for over thirty years and is behind many of the biggest digital rights protections since the invention of the internet. Through curious conversations with some of the leading ...
…
continue reading
Every Friday and Sunday, Slate’s popular daily news podcast What Next brings you TBD, a clear-eyed look into the future. From fake news to fake meat, algorithms to augmented reality, Lizzie O’Leary is your guide to the tech industry and the world it’s creating for us to live in.
…
continue reading
Player FM - برنامه پادکست
با برنامه Player FM !
با برنامه Player FM !
))
How Java Developers Can Secure Their Code (#58)
Manage episode 442378597 series 3366865
محتوای ارائه شده توسط Foojay.io. تمام محتوای پادکست شامل قسمتها، گرافیکها و توضیحات پادکست مستقیماً توسط Foojay.io یا شریک پلتفرم پادکست آنها آپلود و ارائه میشوند. اگر فکر میکنید شخصی بدون اجازه شما از اثر دارای حق نسخهبرداری شما استفاده میکند، میتوانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal
Three years after Log4Shell caused a significant security issue, we still struggle with insecure dependencies and injection problems. In this podcast, we'll discuss how developers can secure their code. I talked with three authors who posted a security and code quality post on Foojay.io.
Guests
Jonathan Vila
https://www.linkedin.com/in/jonathanvila/
https://about.me/jonathan.vila
https://twitter.com/jonathan_vila
Brian Vermeer
https://www.linkedin.com/in/brianvermeer/
https://brianvermeer.nl/
https://twitter.com/BrianVerm
Erik Costlow
https://www.linkedin.com/in/costlow/
https://twitter.com/costlow
Content
00:00 Introduction of topic and guests
01:35 Brian: Why is Log4Shell still around?
https://foojay.io/today/the-persistent-threat-why-major-vulnerabilities-like-log4shell-and-spring4shell-remain-significant/
03:24 Outdated dependencies are still used a lot
04:31 Who is responsible for dependency updates?
07:55 Snyk tools to help discover issues
10:15 Comparing to Dependabot
11:21 How to keep dependencies up-to-date
14:32 Responsibility to use dependencies with care
17:17 Looking forward to the JFall conference
18:48 About Foojay
19:49 Jonathan: Is SQL injection still a problem?
https://foojay.io/today/top-security-flaws-hiding-in-your-code-right-now-and-how-to-fix-them/
24:50 Deserialization injection
27:30 Logging injection
31:22 Even experienced developers make mistakes
33:17 About Sonar tools
35:53 Other articles by Jonathan
https://foojay.io/today/author/jonathan-vila/
https://foojay.io/today/ensuring-the-right-usage-of-java-21-new-features/
38:20 Other security tools
https://www.youtube.com/watch?v=-wVCYj8oQUY
39:47 Erik: Trash Pandas are attracted by unused code
https://foojay.io/today/trash-pandas-love-enterprise-java-garbage-code/
43:01 How bad are insecure but unused libraries?
45:16 Problem of code only used by unit tests
47:15 Testing in different layers (develop, test, production)
49:31 How much code is not used in production?
50:31 How code becomes unused
https://foojay.io/today/foojay-podcast-57/
54:29 Conclusions
72 قسمت
اشتراک گذاری
Manage episode 442378597 series 3366865
محتوای ارائه شده توسط Foojay.io. تمام محتوای پادکست شامل قسمتها، گرافیکها و توضیحات پادکست مستقیماً توسط Foojay.io یا شریک پلتفرم پادکست آنها آپلود و ارائه میشوند. اگر فکر میکنید شخصی بدون اجازه شما از اثر دارای حق نسخهبرداری شما استفاده میکند، میتوانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal
Three years after Log4Shell caused a significant security issue, we still struggle with insecure dependencies and injection problems. In this podcast, we'll discuss how developers can secure their code. I talked with three authors who posted a security and code quality post on Foojay.io.
Guests
Jonathan Vila
https://www.linkedin.com/in/jonathanvila/
https://about.me/jonathan.vila
https://twitter.com/jonathan_vila
Brian Vermeer
https://www.linkedin.com/in/brianvermeer/
https://brianvermeer.nl/
https://twitter.com/BrianVerm
Erik Costlow
https://www.linkedin.com/in/costlow/
https://twitter.com/costlow
Content
00:00 Introduction of topic and guests
01:35 Brian: Why is Log4Shell still around?
https://foojay.io/today/the-persistent-threat-why-major-vulnerabilities-like-log4shell-and-spring4shell-remain-significant/
03:24 Outdated dependencies are still used a lot
04:31 Who is responsible for dependency updates?
07:55 Snyk tools to help discover issues
10:15 Comparing to Dependabot
11:21 How to keep dependencies up-to-date
14:32 Responsibility to use dependencies with care
17:17 Looking forward to the JFall conference
18:48 About Foojay
19:49 Jonathan: Is SQL injection still a problem?
https://foojay.io/today/top-security-flaws-hiding-in-your-code-right-now-and-how-to-fix-them/
24:50 Deserialization injection
27:30 Logging injection
31:22 Even experienced developers make mistakes
33:17 About Sonar tools
35:53 Other articles by Jonathan
https://foojay.io/today/author/jonathan-vila/
https://foojay.io/today/ensuring-the-right-usage-of-java-21-new-features/
38:20 Other security tools
https://www.youtube.com/watch?v=-wVCYj8oQUY
39:47 Erik: Trash Pandas are attracted by unused code
https://foojay.io/today/trash-pandas-love-enterprise-java-garbage-code/
43:01 How bad are insecure but unused libraries?
45:16 Problem of code only used by unit tests
47:15 Testing in different layers (develop, test, production)
49:31 How much code is not used in production?
50:31 How code becomes unused
https://foojay.io/today/foojay-podcast-57/
54:29 Conclusions
72 قسمت
Minden epizód
×
به Player FM خوش آمدید!
Player FM در سراسر وب را برای یافتن پادکست های با کیفیت اسکن می کند تا همین الان لذت ببرید. این بهترین برنامه ی پادکست است که در اندروید، آیفون و وب کار می کند. ثبت نام کنید تا اشتراک های شما در بین دستگاه های مختلف همگام سازی شود.
مشابه Foojay.io, the Friends Of OpenJDK!
BBC Radio 5 live’s award winning gaming podcast, discussing the world of video games and games culture.
…
continue reading
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
5k200
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
Best Business Podcast (Gold), British Podcast Awards 2023 How do you build a fully electric motorcycle with no compromises on performance? How can we truly experience what the virtual world feels like? What does it take to design the first commercially available flying car? And how do you build a lightsaber? These are some of the questions this podcast answers as we share the moments where digital transforms physical, and meet the brilliant minds behind some of the most innovative products a ...
…
continue reading
Material is a weekly discussion about the Google and Android universe. Your intrepid hosts try to answer the question, “What holds up the digital world?” The answer, so far, is that it’s Google all the way down. Hosted by Andy Ihnatko and Florence Ion.
…
continue reading
The power of Data is undeniable. And unharnessed - it’s nothing but chaos. Making data your ally. Using it to lead with confidence and clarity. Host Jess Carter is solving problems in real-time to reveal what’s possible. Helping communities and people thrive. This is Data Driven Leadership, a show brought to you by Resultant.
…
continue reading
TechStuff is getting a system update. Everything you love about Tech Stuff now twice the bandwidth with new hosts, Oz Woloshyn (Sleepwalkers) and Karah Preiss (Sleepwalkers). Oz and Karah bring humour and wit to the table as they break down what's happening in tech...and what it says about us. TechStuff is the podcast where technology meets culture. We speak to the folks building the future to understand what tomorrow will look like and how our technology is changing us: how we live, how we ...
…
continue reading
The internet is broken—but it doesn’t have to be. If you’re concerned about how surveillance, online advertising, and automated content moderation are hurting us online and offline, the Electronic Frontier Foundation’s How to Fix the Internet podcast offers a better way forward. EFF has been defending your rights online for over thirty years and is behind many of the biggest digital rights protections since the invention of the internet. Through curious conversations with some of the leading ...
…
continue reading
Every Friday and Sunday, Slate’s popular daily news podcast What Next brings you TBD, a clear-eyed look into the future. From fake news to fake meat, algorithms to augmented reality, Lizzie O’Leary is your guide to the tech industry and the world it’s creating for us to live in.
…
continue reading
Player FM - برنامه پادکست
با برنامه Player FM !
با برنامه Player FM !
