Safeguard
Tag

java-security

Safeguard articles tagged "java-security" — guides, analysis, and best practices for software supply chain and application security.

83 articles

Industry Analysis

Insecure deserialization attack

A precise breakdown of what is an insecure deserialization attack, how object injection and gadget chains work in Java and Python, and how to defend against them.

Feb 25, 20267 min read
AppSec

Securing Spring Security OAuth2 and JOSE Dependencies

spring-security-oauth2-jose sits at the center of many Java auth stacks, but the legacy project is deprecated and its JOSE/JWT dependencies carry their own patch history; here is how to assess and reduce the risk.

Feb 24, 20266 min read
Industry Analysis

Java Security Explained

Java security failures like Log4Shell exposed 3 billion devices — here's why Java's dependency depth makes it uniquely risky, and how to fix it fast.

Feb 24, 20268 min read
Vulnerability Analysis

Log4Shell (Log4j Vulnerability) Explained

A deep dive into Log4Shell (CVE-2021-44228): how the critical Log4j2 RCE flaw worked, its timeline, affected versions, and how to remediate it.

Feb 12, 20267 min read
Vulnerability Analysis

What is Spring4Shell

Spring4Shell (CVE-2022-22965) let attackers gain unauthenticated RCE on Java apps via Spring data binding. Here's the full breakdown and fix.

Feb 10, 20267 min read
Open Source Security

What is Maven Security

Maven security covers vulnerable dependencies, malicious plugins, and build-time risks in Java projects -- from Log4Shell to transitive dependency sprawl.

Feb 8, 20267 min read
Open Source Security

Maven Central dependency confusion and namespace collisio...

How Maven's groupId system and multi-repo resolution let attackers slip malicious packages into Java builds — and how to close the internal vs public repo gap.

Jan 29, 20267 min read
Open Source Security

Maven and Gradle dependency supply chain attacks in the J...

How attackers exploit Maven Central and the Gradle Plugin Portal — dependency confusion, malicious artifacts, and plugin takeovers — and how to defend Java builds.

Jan 22, 20267 min read
Vulnerability Analysis

Spring4Shell (CVE-2022-22965): root cause and remote code...

Spring4Shell (CVE-2022-22965) let attackers manipulate Java class loaders via Spring data binding to achieve RCE on Tomcat-deployed apps. Root cause, timeline, and fixes.

Jan 22, 20269 min read
Regulatory Compliance

Spring Security misconfigurations and default credential ...

Default credentials, exposed Actuator endpoints, and missed filter rules: how spring security misconfiguration quietly exposes Java apps to breach.

Jan 21, 20267 min read
Vulnerability Analysis

Spring4Shell RCE in Spring Framework (CVE-2022-22965)

A deep dive into CVE-2022-22965 (Spring4Shell): the critical Spring Framework RCE, its exploitation chain, timeline, and how to remediate it fast.

Jan 18, 20267 min read
Vulnerability Analysis

Log4j second RCE bypass (CVE-2021-45046)

The Log4j 2.15.0 patch for Log4Shell was incomplete. CVE-2021-45046 shows how attackers bypassed it to achieve remote code execution.

Jan 18, 20267 min read
java-security (Page 3) — Safeguard Blog