Posts tagged "Java"

Automatic scan for known vulnerabilities in dependencies

When using third-party components (be they open source or not), we all know it’s good practice to keep your frameworks and libraries up to date. This is also one of the spearheads of the OWASP Top 10 (2013 edition): A9 - Using Components with Known Vulnerabilities. To help you assess your projects’ status in this regard, OWASP.org developed the tool Dependency Check. This tool is primarily intended for code bases in Java, .NET, Ruby, Node.js, and Python. Integration with various build tools is also provided.

Read more... →

Easily upgrade Java dependencies

To start with a cliché: the Java ecosystem continues to develop at a high pace. Various open source frameworks release new versions, sometimes even multiple versions at the same time. This may quickly turn into a risk. But how to deal with it?

Basically, you have two options. We’ll take a typical Maven project as an example, one that uses Commons Lang 3. See the end of this post if you prefer Gradle over Maven.

Automatic upgrades

Maybe the simplest way is automatic upgrading. You achieve this by not specifying an exact version of your dependency, but a version range instead. If you would normally have this snippet in your POM:

Read more... →

This method is likely to yield significantly better performance

This week, I came across an interesting difference between the Java API documentation and its current implementation. A difference? Or is it just a matter of thorough reading?

If you look at the Javadoc for Double.valueOf(), you’ll find that it is likely to outperform the use of new Double(). Sounds good! And don’t we all love it when we get a free performance boost?

However, examining the source code to see what causes this “significantly better space and time performance”, we find…

Read more... →