The Fragmented Podcast is the leading Android developer podcast started by Kaushik Gopal & Donn Felker. Our goal is to help you become a better Android Developer through conversation & to capture the zeitgeist of Android development. We chat about topics such as Testing, Dependency Injection, Patterns and Practices, useful libraries, and much more. We will also be interviewing some of the top developers out there. Subscribe now and join us on the journey of becoming a better Android Developer.
…
continue reading
Content provided by Foojay.io. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Foojay.io or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Similar to Foojay.io, the Friends Of OpenJDK!
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
Every Friday and Sunday, Slate’s popular daily news podcast What Next brings you TBD, a clear-eyed look into the future. From fake news to fake meat, algorithms to augmented reality, Lizzie O’Leary is your guide to the tech industry and the world it’s creating for us to live in.
…
continue reading
Material is a weekly discussion about the Google and Android universe. Your intrepid hosts try to answer the question, “What holds up the digital world?” The answer, so far, is that it’s Google all the way down. Hosted by Andy Ihnatko and Florence Ion.
…
continue reading
From smart phones to smart homes, the Android Police Podcast gives you exactly what you need from a tech podcast - no more, no less. Every week, each of our hosts curate topics to talk about. It could be tracking through your newsfeed or a passion project or two. We're centered on Android, but go far and wide, so if you're looking for good talk that won't waste your time, listen and subscribe.
…
continue reading
TechStuff is a show about technology. And it’s not just how technology works. Join host Jonathan Strickland as he explores the people behind the tech, the companies that market it and how technology affects our lives and culture.
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
Discover a whole new take on Artificial Intelligence with Squirro's educational podcast! Join host Lauren Hawker Zafer, a top voice in Artificial Intelligence on LinkedIn, for insightful chats that unravel the fascinating world of tech innovation, use case exploration and AI knowledge. Dive into candid discussions with accomplished industry experts and established academics. With each episode, you'll expand your grasp of cutting-edge technologies and their incredible impact on society, and y ...
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
))
How Java Developers Can Secure Their Code (#58)
Manage episode 442378597 series 3366865
Content provided by Foojay.io. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Foojay.io or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Three years after Log4Shell caused a significant security issue, we still struggle with insecure dependencies and injection problems. In this podcast, we'll discuss how developers can secure their code. I talked with three authors who posted a security and code quality post on Foojay.io.
Guests
Jonathan Vila
https://www.linkedin.com/in/jonathanvila/
https://about.me/jonathan.vila
https://twitter.com/jonathan_vila
Brian Vermeer
https://www.linkedin.com/in/brianvermeer/
https://brianvermeer.nl/
https://twitter.com/BrianVerm
Erik Costlow
https://www.linkedin.com/in/costlow/
https://twitter.com/costlow
Content
00:00 Introduction of topic and guests
01:35 Brian: Why is Log4Shell still around?
https://foojay.io/today/the-persistent-threat-why-major-vulnerabilities-like-log4shell-and-spring4shell-remain-significant/
03:24 Outdated dependencies are still used a lot
04:31 Who is responsible for dependency updates?
07:55 Snyk tools to help discover issues
10:15 Comparing to Dependabot
11:21 How to keep dependencies up-to-date
14:32 Responsibility to use dependencies with care
17:17 Looking forward to the JFall conference
18:48 About Foojay
19:49 Jonathan: Is SQL injection still a problem?
https://foojay.io/today/top-security-flaws-hiding-in-your-code-right-now-and-how-to-fix-them/
24:50 Deserialization injection
27:30 Logging injection
31:22 Even experienced developers make mistakes
33:17 About Sonar tools
35:53 Other articles by Jonathan
https://foojay.io/today/author/jonathan-vila/
https://foojay.io/today/ensuring-the-right-usage-of-java-21-new-features/
38:20 Other security tools
https://www.youtube.com/watch?v=-wVCYj8oQUY
39:47 Erik: Trash Pandas are attracted by unused code
https://foojay.io/today/trash-pandas-love-enterprise-java-garbage-code/
43:01 How bad are insecure but unused libraries?
45:16 Problem of code only used by unit tests
47:15 Testing in different layers (develop, test, production)
49:31 How much code is not used in production?
50:31 How code becomes unused
https://foojay.io/today/foojay-podcast-57/
54:29 Conclusions
63 episodes
Share
Manage episode 442378597 series 3366865
Content provided by Foojay.io. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Foojay.io or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Three years after Log4Shell caused a significant security issue, we still struggle with insecure dependencies and injection problems. In this podcast, we'll discuss how developers can secure their code. I talked with three authors who posted a security and code quality post on Foojay.io.
Guests
Jonathan Vila
https://www.linkedin.com/in/jonathanvila/
https://about.me/jonathan.vila
https://twitter.com/jonathan_vila
Brian Vermeer
https://www.linkedin.com/in/brianvermeer/
https://brianvermeer.nl/
https://twitter.com/BrianVerm
Erik Costlow
https://www.linkedin.com/in/costlow/
https://twitter.com/costlow
Content
00:00 Introduction of topic and guests
01:35 Brian: Why is Log4Shell still around?
https://foojay.io/today/the-persistent-threat-why-major-vulnerabilities-like-log4shell-and-spring4shell-remain-significant/
03:24 Outdated dependencies are still used a lot
04:31 Who is responsible for dependency updates?
07:55 Snyk tools to help discover issues
10:15 Comparing to Dependabot
11:21 How to keep dependencies up-to-date
14:32 Responsibility to use dependencies with care
17:17 Looking forward to the JFall conference
18:48 About Foojay
19:49 Jonathan: Is SQL injection still a problem?
https://foojay.io/today/top-security-flaws-hiding-in-your-code-right-now-and-how-to-fix-them/
24:50 Deserialization injection
27:30 Logging injection
31:22 Even experienced developers make mistakes
33:17 About Sonar tools
35:53 Other articles by Jonathan
https://foojay.io/today/author/jonathan-vila/
https://foojay.io/today/ensuring-the-right-usage-of-java-21-new-features/
38:20 Other security tools
https://www.youtube.com/watch?v=-wVCYj8oQUY
39:47 Erik: Trash Pandas are attracted by unused code
https://foojay.io/today/trash-pandas-love-enterprise-java-garbage-code/
43:01 How bad are insecure but unused libraries?
45:16 Problem of code only used by unit tests
47:15 Testing in different layers (develop, test, production)
49:31 How much code is not used in production?
50:31 How code becomes unused
https://foojay.io/today/foojay-podcast-57/
54:29 Conclusions
63 episodes
Alle episoder
×
Welcome to Player FM!
Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.
Similar to Foojay.io, the Friends Of OpenJDK!
The Fragmented Podcast is the leading Android developer podcast started by Kaushik Gopal & Donn Felker. Our goal is to help you become a better Android Developer through conversation & to capture the zeitgeist of Android development. We chat about topics such as Testing, Dependency Injection, Patterns and Practices, useful libraries, and much more. We will also be interviewing some of the top developers out there. Subscribe now and join us on the journey of becoming a better Android Developer.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
Every Friday and Sunday, Slate’s popular daily news podcast What Next brings you TBD, a clear-eyed look into the future. From fake news to fake meat, algorithms to augmented reality, Lizzie O’Leary is your guide to the tech industry and the world it’s creating for us to live in.
…
continue reading
Material is a weekly discussion about the Google and Android universe. Your intrepid hosts try to answer the question, “What holds up the digital world?” The answer, so far, is that it’s Google all the way down. Hosted by Andy Ihnatko and Florence Ion.
…
continue reading
From smart phones to smart homes, the Android Police Podcast gives you exactly what you need from a tech podcast - no more, no less. Every week, each of our hosts curate topics to talk about. It could be tracking through your newsfeed or a passion project or two. We're centered on Android, but go far and wide, so if you're looking for good talk that won't waste your time, listen and subscribe.
…
continue reading
TechStuff is a show about technology. And it’s not just how technology works. Join host Jonathan Strickland as he explores the people behind the tech, the companies that market it and how technology affects our lives and culture.
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
Discover a whole new take on Artificial Intelligence with Squirro's educational podcast! Join host Lauren Hawker Zafer, a top voice in Artificial Intelligence on LinkedIn, for insightful chats that unravel the fascinating world of tech innovation, use case exploration and AI knowledge. Dive into candid discussions with accomplished industry experts and established academics. With each episode, you'll expand your grasp of cutting-edge technologies and their incredible impact on society, and y ...
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
