java
Safeguard articles tagged "java" — guides, analysis, and best practices for software supply chain and application security.
70 articles
Log4j Security Guide (2026)
Log4j is the most widely deployed Java logging library — and the source of Log4Shell, the defining supply-chain vulnerability of the decade. Here is how to run it safely in 2026.
Gradle Dependency Security: Locking, Verification, and Version Catalogs
Secure Gradle builds in 2026 with dependency locking, cryptographic dependency verification, version catalogs, and reachability-aware CVE scanning.
Jackson-databind Security Guide (2026)
Jackson-databind is the default JSON engine for the Java ecosystem — and the source of one of the longest deserialization CVE sagas in open source. Here is how to run it safely.
Maven Dependency Security: Pinning, Verification, and Scanning
How to secure a Maven build in 2026 — pin versions, enforce convergence, verify artifacts, and scan the transitive tree that pom.xml never shows you.
Apache Struts (CVE-2017-5638) Explained: The OGNL Header That Breached Equifax
CVE-2017-5638 let attackers run commands on Apache Struts 2 servers through a crafted Content-Type header. It is the unpatched flaw behind the Equifax breach. Here is the OGNL mechanism.
Java Code Review Tools: An Honest 2026 Buyer's Guide
A balanced 2026 comparison of Java code review and static-analysis tools — SpotBugs with FindSecBugs, PMD, Error Prone, SonarQube, Semgrep, CodeQL — with honest tradeoffs and where Safeguard fits.
Java Deserialization Vulnerabilities: How Gadget Chains Work and How to Stop Them
Native Java deserialization can turn a single readObject() call into remote code execution. Here's how gadget chains work and how to shut them down.
Auditing Maven Dependencies with OWASP Dependency-Check
OWASP Dependency-Check is the classic way to scan Java and Maven projects against the NVD. Learn to run it, tame its false positives, and move beyond CPE matching.
Spring Security Configuration Guide: The Modern SecurityFilterChain Approach
A practical Spring Security configuration guide for 2026 using the component-based SecurityFilterChain, method security, CSRF, CORS, and password encoding.
Spring4Shell (CVE-2022-22965) Explained: RCE Through Spring Data Binding
CVE-2022-22965, Spring4Shell, let attackers write a JSP web shell to Spring MVC apps on JDK 9+ by abusing data binding. Here is the ClassLoader trick and the exact conditions required.
Java Security Best Practices: A Lifecycle Approach for 2026
A practical, lifecycle-based guide to Java security in 2026 — covering input handling, cryptography, dependencies, and runtime hardening with real code.
Spring Boot Security Best Practices: Hardening the Defaults
Spring Boot's convenience defaults can quietly widen your attack surface. Here's how to harden actuators, dependencies, and auto-configuration for 2026.