Java serialisation - The gift that keeps on taking (Part 3)

By Steve Poole on July 02, 2022 Cybersecurity

7 minute read time

Part 3 of our issues with Java serialisation shares a deep dive into gadget chains and denial of service attacks.

Java serialization - The gift that keeps on taking (Part 2)

By Steve Poole on March 30, 2022 open source security

7 minute read time

Part two of our Java serialization series: the unexpected consequences of design and how the data stream can be compromised.

Java serialization - The gift that keeps on taking (Part 1)

By Steve Poole on March 11, 2022 java

6 minute read time

Log4Shell impels us to review the reasons Java needs serialisation, how to use it safely, and what other options exist. Here in part 1, we examine design.