Tag
bean-validation
Safeguard articles tagged "bean-validation" — guides, analysis, and best practices for software supply chain and application security.
3 articles
Application Security
Using Jakarta Bean Validation correctly: a defensive walkthrough
Jakarta Bean Validation stops malformed input, not attackers — a 2025 Hibernate Validator EL-injection flaw (CVSS 7.3) shows what goes wrong when teams conflate the two.
Jul 13, 20267 min read
Application Security
Robust input validation in Spring Boot: Bean Validation and its bypasses
Bean Validation (JSR-380) looks like a solved problem in Spring Boot, but nested DTOs, list elements, and unannotated service methods routinely skip validation silently.
Jul 8, 20266 min read
Application Security
A guide to input validation with Spring Boot
Spring Boot doesn't validate input by default. Here's how Bean Validation actually works, where teams get it wrong, and how missing validation leads to injection and mass assignment.
May 25, 20266 min read