Secure Coding Practices on Sven Ruppert

Password Security: Why Hashing is Essential

sven.ruppert@gmail.com (Sven Ruppert) — Fri, 29 Aug 2025 14:53:27 +0000

Password security is an often underestimated but critical topic in software development. Databases containing millions of user logins are repeatedly compromised - and shockingly, often, it turns out that passwords have been stored in plain text. This gives attackers direct access to sensitive account data and opens the door to identity theft, account takeovers and other attacks.

If hashCode() lies and equals() is helpless

sven.ruppert@gmail.com (Sven Ruppert) — Fri, 06 Jun 2025 20:53:34 +0000

A deep look into Java’s HashMap traps – visually demonstrated with Vaadin Flow.

The silent danger in the standard library
#

The use of HashMap and HashSet is a common practice in everyday Java development. These data structures offer excellent performance for lookup and insert operations, as long as their fundamental assumptions are met. One of them is hashCode() of a key remains stable. But what if that’s not the case?

Creating a simple file upload/download application with Vaadin Flow

sven.ruppert@gmail.com (Sven Ruppert) — Tue, 20 May 2025 17:34:15 +0000

Vaadin Flow is a robust framework for building modern web applications in Java, where all UI logic is implemented on the server side. In this blog post, we’ll make a simple file management application step by step that allows users to upload files, save them to the server, and download them again when needed. This is a great way to demonstrate how to build protection against CWE-22, CWE-377, and CWE-778 step by step.

Java Cryptography Architecture (JCA) - An Overview

sven.ruppert@gmail.com (Sven Ruppert) — Thu, 03 Apr 2025 12:22:30 +0000

The Java Cryptography Architecture (JCA) is an essential framework within the Java platform that provides developers with a flexible and extensible interface for cryptographic operations. It is a central component of the Java Security API and enables platform-independent implementation of security-critical functions.

Cache Poisoning Attacks on Dependency Management Systems like Maven

sven.ruppert@gmail.com (Sven Ruppert) — Wed, 13 Nov 2024 14:15:16 +0000

Cache poisoning on Maven Caches is a specific attack that targets how Maven Caches manages packages and dependencies in a software development process. It’s essential to understand how Maven works before we look at the details of cache poisoning.

What is CWE-1007: Insufficient visual discrimination of homoglyphs for you as a user?

sven.ruppert@gmail.com (Sven Ruppert) — Mon, 04 Nov 2024 12:34:27 +0000

The world of cybersecurity is full of threats, many of which are surprisingly subtle and challenging to detect. One such threat is the problem of so-called homoglyphs. CWE-1007, also known as “Insufficient Visual Distinction of Homoglyphs Presented to User”, is a vulnerability often used by attackers to deceive and compromise your systems or data. In this blog article, you will get a deep insight into CWE-1007, understand its mechanisms, and how to protect yourself from such attacks. We will discuss examples, technical challenges, and best practices that can help you as a developer understand and mitigate this threat.

CWE-778: Lack of control over error reporting in Java

sven.ruppert@gmail.com (Sven Ruppert) — Fri, 18 Oct 2024 14:07:20 +0000

Learn how inadequate control over error reporting leads to security vulnerabilities and how to prevent them in Java applications.
#

Safely handling error reports is a central aspect of software development, especially in safety-critical applications. CWE-778 describes a vulnerability caused by inadequate control over error reports. This post will analyse the risks associated with CWE-778 and show how developers can implement safe error-handling practices to avoid such vulnerabilities in Java programs.

Code security through unit testing: The role of secure coding practices in the development cycle

sven.ruppert@gmail.com (Sven Ruppert) — Wed, 16 Oct 2024 22:17:04 +0000

Unit testing is an essential software development concept that improves code quality by ensuring that individual units or components of a software function correctly. Unit testing is crucial in Java, one of the most commonly used programming languages. This article will discuss what unit testing is, how it has evolved, and what tools and best practices have been established over the years.

Understanding TOCTOU (Time-of-Check to Time-of-Use) in the Context of CWE-377

sven.ruppert@gmail.com (Sven Ruppert) — Mon, 07 Oct 2024 17:57:36 +0000

Building on the discussion of “CWE-377: Insecure Temporary File”, it’s essential to delve deeper into one of the most insidious vulnerabilities that can arise in this context—TOCTOU (Time-of-Check to Time-of-Use) race conditions. TOCTOU vulnerabilities occur when there is a time gap between verifying a resource (such as a file) and its subsequent use. Malicious actors can exploit this gap, especially in temporary file scenarios, leading to serious security breaches. This follow-up article will explore how TOCTOU conditions manifest in software, particularly in managing temporary files, and discuss strategies to mitigate these risks to ensure robust and secure application development.

CWE-1123: Excessive Use of Self-Modifying Code for Java Developers

sven.ruppert@gmail.com (Sven Ruppert) — Thu, 12 Sep 2024 11:19:19 +0000

Self-modifying code refers to a type of code that alters its own instructions while it is executing. While this practice can offer certain advantages, such as optimisation and adaptability, it is generally discouraged due to the significant risks and challenges it introduces. For Java developers, using self-modifying code is particularly problematic because it undermines the codebase’s predictability, readability, and maintainability, and Java as a language does not natively support self-modification of its code.

CWE-377 - Insecure Temporary File in Java

sven.ruppert@gmail.com (Sven Ruppert) — Wed, 21 Aug 2024 13:17:12 +0000

In software development, temporary files are often used to store data temporarily during an application’s execution. These files may contain sensitive information or be used to hold data that must be processed or passed between different parts of a program. However, if these temporary files are not managed securely, they can introduce vulnerabilities that may compromise the application’s confidentiality, integrity, or availability. The Common Weakness Enumeration (CWE) identified CWE-377 as a weakness associated with the insecure creation and management of temporary files.

CWE-22: Best practices to use Java NIO

sven.ruppert@gmail.com (Sven Ruppert) — Wed, 22 May 2024 10:30:27 +0000

In today’s digital landscape, ensuring the security of your applications is paramount. One critical vulnerability developers must guard against is CWE-22, Path Traversal. This vulnerability can allow attackers to access files and directories outside the intended scope, potentially leading to unauthorised access and data breaches.

CWE-22: Improper Limitation of a Pathname to a Restricted Directory

sven.ruppert@gmail.com (Sven Ruppert) — Tue, 21 May 2024 14:33:53 +0000

CWE-22, commonly called “Path Traversal,” is a vulnerability when an application fails to appropriately limit the paths users can access through a user-provided input. This can allow attackers to access directories and files outside the intended directory, leading to unauthorised access and potential system compromise. This vulnerability is particularly significant in Java applications due to the ubiquitous use of file handling and web resources. This document will delve into the nature of CWE-22, its implications, exploitation methods, and, most importantly, strategies to mitigate such vulnerabilities in Java applications.

CWE-416: Use After Free Vulnerabilities in Java

sven.ruppert@gmail.com (Sven Ruppert) — Fri, 17 May 2024 12:17:30 +0000

CWE-416: Use After Free
#

Use After Free (UAF) is a vulnerability that occurs when a program continues to use a pointer after it has been freed. This can lead to undefined behaviour, including crashes, data corruption, and security vulnerabilities. The problem arises because the memory referenced by the pointer may be reallocated for other purposes, potentially allowing attackers to exploit the situation.

CWE-787 - The Bird-Eye View for Java Developers

sven.ruppert@gmail.com (Sven Ruppert) — Wed, 15 May 2024 12:19:10 +0000

The term “CWE-787: Out-of-bounds Write " likely refers to a specific security vulnerability or error in software systems. Let’s break down what it means:

Out-of-bounds Write : This is a type of vulnerability where a program writes data outside the boundaries of pre-allocated fixed-length buffers. This can corrupt data, crash the program, or lead to the execution of malicious code.

Mastering Secure Error Handling in Java: Best Practices and Strategies

sven.ruppert@gmail.com (Sven Ruppert) — Tue, 07 May 2024 12:43:21 +0000

What is ErrorHandling?
#

Error handling refers to the programming practice of anticipating, detecting, and responding to exceptions or errors in software during its execution. Errors may occur for various reasons, such as invalid user inputs, hardware failures, or bugs in the code. Proper error handling helps ensure that the program can handle such situations gracefully by resolving the Error, compensating for it, or failing safely.

Decoding the Logs: Essential Insights for Effective Software Debugging

sven.ruppert@gmail.com (Sven Ruppert) — Mon, 06 May 2024 21:12:46 +0000

Logging is essential to software development, recording information about the software’s operation. This can help developers understand the system’s behaviour, troubleshoot issues, and monitor the system in production. Here’s a basic overview of logging in software development:

Secure Coding Practices - Access Control

sven.ruppert@gmail.com (Sven Ruppert) — Fri, 03 May 2024 10:41:23 +0000

Access control is a security measure that determines who can access resources or perform actions within a system. It involves defining and enforcing policies restricting unauthorised access while allowing authorised users to perform their intended tasks. Access control mechanisms are commonly used in various domains, including computer systems, buildings, and physical assets.

Serialising in Java - Birds Eye View

sven.ruppert@gmail.com (Sven Ruppert) — Sun, 11 Feb 2024 13:46:53 +0000

Serialisation in Java is implemented to convert the state of an object into a byte stream, which can be quickly persisted to a file or sent over a network. This process is essential for persisting object data, supporting network communication, and facilitating sharing of objects between different parts of a distributed system.

What is a Common Weakness Enumeration - CWE

sven.ruppert@gmail.com (Sven Ruppert) — Wed, 10 Jan 2024 17:24:15 +0000

CWE stands for Common Weakness Enumeration. It is a community-developed list of software and hardware weakness types that can serve as a common language for describing, sharing, and identifying security vulnerabilities in software systems. CWE aims to provide a standardized way of identifying and categorizing vulnerabilities, making it easier for software developers, testers, and security professionals to discuss and address security issues.

Secure Coding Practices - Input Validation

sven.ruppert@gmail.com (Sven Ruppert) — Wed, 13 Dec 2023 07:52:24 +0000

What is - Input Validation?
#

Input validation is a process used to ensure that the data provided to a system or application meets specific criteria or constraints before it is accepted and processed. The primary goal of input validation is to improve the reliability and security of a system by preventing invalid or malicious data from causing errors or compromising the system’s integrity.