dcsimg
Login | Register   
RSS Feed
Download our iPhone app
TODAY'S HEADLINES  |   ARTICLE ARCHIVE  |   FORUMS  |   TIP BANK
Browse DevX
Sign up for e-mail newsletters from DevX

By submitting your information, you agree that devx.com may send you DevX offers via email, phone and text message, as well as email offers about other products and services that DevX believes may be of interest to you. DevX will process your information in accordance with the Quinstreet Privacy Policy.


advertisement
 

Report: Buggy Java Components Leaving Enterprise Applications Insecure

A new Veracode study says 97 percent of Java apps have at least one vulnerability.


advertisement

WEBINAR:

On-Demand

Application Security Testing: An Integral Part of DevOps


Security vendor Veracode has released a new report which says that 97 percent of enterprise Java apps use at least one open source component with a known vulnerability. The most common is a vulnerable version of a component called Apache Commons Collections, which was in 25 percent of the applications studied.

"The Java deserialization vulnerability in Apache Commons Collections is an interesting example of an open-source, third-party component vulnerability, because it went from unknown to critical and highly exploitable, and because it was widely used in a variety of standard 'infrastructure' applications; web servers, application servers, CI servers," said the report. "It's worth noting that the issue was not just in the infrastructure applications, but in any application that uses Apache Commons Collections v.3.0 - 3.2.1 or 4.0. Addressing this vulnerability requires a broader response than just patching servers; it requires visibility into the component supply chain for all your applications."

View article



   
Comment and Contribute

 

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

 

Sitemap
×
We have made updates to our Privacy Policy to reflect the implementation of the General Data Protection Regulation.
Thanks for your registration, follow us on our social networks to keep up-to-date