Safeguard
Tag

java

Safeguard articles tagged "java" — guides, analysis, and best practices for software supply chain and application security.

70 articles

Security Guides

Log4j Security Guide (2026)

Log4j is the most widely deployed Java logging library — and the source of Log4Shell, the defining supply-chain vulnerability of the decade. Here is how to run it safely in 2026.

Jul 5, 20266 min read
Security Guides

Gradle Dependency Security: Locking, Verification, and Version Catalogs

Secure Gradle builds in 2026 with dependency locking, cryptographic dependency verification, version catalogs, and reachability-aware CVE scanning.

Jul 4, 20265 min read
Security Guides

Jackson-databind Security Guide (2026)

Jackson-databind is the default JSON engine for the Java ecosystem — and the source of one of the longest deserialization CVE sagas in open source. Here is how to run it safely.

Jul 4, 20266 min read
Security Guides

Maven Dependency Security: Pinning, Verification, and Scanning

How to secure a Maven build in 2026 — pin versions, enforce convergence, verify artifacts, and scan the transitive tree that pom.xml never shows you.

Jul 3, 20265 min read
Vulnerability Analysis

Apache Struts (CVE-2017-5638) Explained: The OGNL Header That Breached Equifax

CVE-2017-5638 let attackers run commands on Apache Struts 2 servers through a crafted Content-Type header. It is the unpatched flaw behind the Equifax breach. Here is the OGNL mechanism.

Jul 2, 20265 min read
Buyer's Guides

Java Code Review Tools: An Honest 2026 Buyer's Guide

A balanced 2026 comparison of Java code review and static-analysis tools — SpotBugs with FindSecBugs, PMD, Error Prone, SonarQube, Semgrep, CodeQL — with honest tradeoffs and where Safeguard fits.

Jul 2, 20266 min read
Security Guides

Java Deserialization Vulnerabilities: How Gadget Chains Work and How to Stop Them

Native Java deserialization can turn a single readObject() call into remote code execution. Here's how gadget chains work and how to shut them down.

Jul 2, 20266 min read
Security Guides

Auditing Maven Dependencies with OWASP Dependency-Check

OWASP Dependency-Check is the classic way to scan Java and Maven projects against the NVD. Learn to run it, tame its false positives, and move beyond CPE matching.

Jul 2, 20266 min read
Security Guides

Spring Security Configuration Guide: The Modern SecurityFilterChain Approach

A practical Spring Security configuration guide for 2026 using the component-based SecurityFilterChain, method security, CSRF, CORS, and password encoding.

Jul 2, 20265 min read
Vulnerability Analysis

Spring4Shell (CVE-2022-22965) Explained: RCE Through Spring Data Binding

CVE-2022-22965, Spring4Shell, let attackers write a JSP web shell to Spring MVC apps on JDK 9+ by abusing data binding. Here is the ClassLoader trick and the exact conditions required.

Jul 2, 20265 min read
Security Guides

Java Security Best Practices: A Lifecycle Approach for 2026

A practical, lifecycle-based guide to Java security in 2026 — covering input handling, cryptography, dependencies, and runtime hardening with real code.

Jul 1, 20266 min read
Security Guides

Spring Boot Security Best Practices: Hardening the Defaults

Spring Boot's convenience defaults can quietly widen your attack surface. Here's how to harden actuators, dependencies, and auto-configuration for 2026.

Jul 1, 20265 min read
java (Page 3) — Safeguard Blog