Security in Java, what do we need to know and how to keep our applications secure (#7)
Foojay.io, the Friends Of OpenJDK! - A podcast by Foojay.io

For this Foojay Podcast, we invited security experts to dive into the fascinating world of secure coding and detecting vulnerabilities in your Java applications. How can you make and keep your systems safe? That's what we want to find out...

Guests
Steve Poole (Sonatype, @spool167)
Brian Vermeer (Snyk, @BrianVerm, @[email protected])
Anastasiia Voitova (Cossack Labs, @vixentael, @[email protected])

Podcast host
Erik Costlow (Azul, @costlow, @[email protected])

Content
00'00 Short intro and music
00'15 Introduction about the topic of this podcast
00'31 Introduction of the guests and host
02'40 Foojay article written by Brian about dependencies: https://foojay.io/today/best-practices-for-managing-java-dependencies/
05'02 XML parsers in Java
05'55 "The more the merrier" versus "The less the better"
06'30 Foojay article written by Brian about the role of Data Transfer Objects in security: https://foojay.io/today/how-to-use-java-dtos-to-stay-secure/
09'10 Extending on DTOs: encryption in data provisioning
11'10 Database entities versus DTOs and serialization
12'25 Developers need to be trained more on security and take responsibility
13'50 Don't design your own security solution: https://www.cossacklabs.com/blog/cryptographic-failures-in-rf-encryption/
16'58 Cryptographic dad joke... ;-)
17'40 What are CVEs (Common Vulnerabilities and Exposures)
20'40 Security in the layers of a Java environment: https://imagetragick.com/
24'50 JAR signing
26'40 CWE with the W of Weaknesses, and OWASP: https://owasp.org/www-project-top-ten/ and https://www.exploit-db.com/
29'40 How to evaluate vulnerability scores: https://foojay.io/today/java-security-log4j-the-securitymanager-and-funding/
31'23 CVEs as Pokemon, "You gotta catch them all" workshop
32'20 How to be able to fix vulnerabilities
33'57 About the recent critical SSL vulnerability
36'02 Libraries are linked (integrated) into a Java project: https://github.com/quarkusio/quarkus/issues/14904
38'15 Security is an educational thing: understand your tools
39'90 Role of the different players in a team
46'32 Can the JVM itself be more secure
49'44 Make the JVM aware of vulnerable code
51'10 Security insights in IoT devices: https://www.cossacklabs.com/case-studies/iiot-security-a-hive-and-a-queen/
1h01'30 Developers should learn about defense in depth
1h02'10 Conclusion