Everyone knows the importance of software security in the Java world. A successful attack against an application can result in a wide spectrum of negative consequences, including the cost of a business interruption, the cost of stolen or compromised data, and damage to reputation.
Considering the huge and still-growing technology stack used in the average enterprise application, it is extremely difficult for developers to be aware of the security aspects of each and every library in their stacks. This talk presents a summary of security vulnerabilities found in popular open-source Java frameworks. We discuss security issues such as code injection, XSS, information leakage, and others. The presented open-source projects include a dependency-injection framework, web frameworks, JPA providers, and application servers.
Video producer: JDD Conference