In this article, we'll explain what gadget chains are and look at examples (with schemas) of how careless deserialization with native Java mechanisms can lead to remote code...
In this article, we talk about the OWASP Top Ten 2021 categories through the lens of PVS-Studio Java analyzer warnings. So, if you want to peek at patterns of potential vulnerabilities in Java...
Collecting, processing, and transferring data are key processes in IT. What if they break due to some tricky bugs in the code, though? In this article, we'll talk about errors detected by a...
Java continues to actively evolve! The new Java 25 is just around the corner. This release brings changes to boilerplate code and constructors, and discontinues support for deprecated systems...
This is a story of rewriting an application for DI containers, parsing dependencies, drawing schemas to avoid getting lost, and quietly praying to every possible deity that nothing suddenly...
Starting with PVS-Studio 7.38, the Java analyzer, just like the C# and C++ analyzers, now supports user annotations in JSON format. Why are they needed, and how can developers leverage them? We'll...
How does Java support dynamic calls? From slow reflection to the optimized MethodHandle and invokedynamic—let's explore the evolution of dynamism on the JVM and dive into how MethodHandle works...
A computer game written in Java is rare but always interesting. That's why we couldn't miss the opportunity to check the XMage project using a static analyzer. Let's explore what PVS-Studio...
From inception to conquering the Red Planet. This article explores Java's history: from its first steps and legal battles with Microsoft to essential tools every Java developer relies on...
Bugs in code are nothing new. Today, we're exploring not just some bugs, but cosmic bugs—literally! What does a NASA project have to hide? Get your tinfoil hats ready and let's...