<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Java NIO on Sven Ruppert</title><link>https://sven-ruppert.info/tags/java-nio/</link><description>Recent content in Java NIO on Sven Ruppert</description><generator>Hugo -- gohugo.io</generator><language>en</language><managingEditor>sven.ruppert@gmail.com (Sven Ruppert)</managingEditor><webMaster>sven.ruppert@gmail.com (Sven Ruppert)</webMaster><copyright>© 2026 Sven Ruppert</copyright><lastBuildDate>Mon, 07 Oct 2024 17:57:36 +0000</lastBuildDate><atom:link href="https://sven-ruppert.info/tags/java-nio/index.xml" rel="self" type="application/rss+xml"/><item><title>Understanding TOCTOU (Time-of-Check to Time-of-Use) in the Context of CWE-377</title><link>https://sven-ruppert.info/posts/understanding-toctou-time-of-check-to-time-of-use-in-the-context-of-cwe-377/</link><pubDate>Mon, 07 Oct 2024 17:57:36 +0000</pubDate><author>sven.ruppert@gmail.com (Sven Ruppert)</author><guid>https://sven-ruppert.info/posts/understanding-toctou-time-of-check-to-time-of-use-in-the-context-of-cwe-377/</guid><description>&lt;p&gt;Building on the discussion of “CWE-377: Insecure Temporary File”, it’s essential to delve deeper into one of the most insidious vulnerabilities that can arise in this context—TOCTOU (Time-of-Check to Time-of-Use) race conditions. TOCTOU vulnerabilities occur when there is a time gap between verifying a resource (such as a file) and its subsequent use. Malicious actors can exploit this gap, especially in temporary file scenarios, leading to serious security breaches. 
This follow-up article will explore how TOCTOU conditions manifest in software, particularly in managing temporary files, and discuss strategies to mitigate these risks to ensure robust and secure application development.&lt;/p&gt;</description></item><item><title>CWE-22: Best practices to use Java NIO</title><link>https://sven-ruppert.info/posts/cwe-22-best-practices-to-use-java-nio/</link><pubDate>Wed, 22 May 2024 10:30:27 +0000</pubDate><author>sven.ruppert@gmail.com (Sven Ruppert)</author><guid>https://sven-ruppert.info/posts/cwe-22-best-practices-to-use-java-nio/</guid><description>&lt;p&gt;In today&amp;rsquo;s digital landscape, ensuring the security of your applications is paramount. One critical vulnerability developers must guard against is CWE-22, Path Traversal. This vulnerability can allow attackers to access files and directories outside the intended scope, potentially leading to unauthorised access and data breaches.&lt;/p&gt;</description></item><item><title>CWE-22: Improper Limitation of a Pathname to a Restricted Directory</title><link>https://sven-ruppert.info/posts/cwe-22-improper-limitation-of-a-pathname-to-a-restricted-directory/</link><pubDate>Tue, 21 May 2024 14:33:53 +0000</pubDate><author>sven.ruppert@gmail.com (Sven Ruppert)</author><guid>https://sven-ruppert.info/posts/cwe-22-improper-limitation-of-a-pathname-to-a-restricted-directory/</guid><description>&lt;p&gt;CWE-22, commonly called &amp;ldquo;Path Traversal,&amp;rdquo; is a vulnerability that arises when an application fails to appropriately limit the paths users can access through user-provided input. This can allow attackers to access directories and files outside the intended directory, leading to unauthorised access and potential system compromise. This vulnerability is particularly significant in Java applications due to the ubiquitous use of file handling and web resources. 
This document will delve into the nature of CWE-22, its implications, exploitation methods, and, most importantly, strategies to mitigate such vulnerabilities in Java applications.&lt;/p&gt;</description></item></channel></rss>