Discussion
Markus Eisele
@myfear@mastodon.online  ·  activity timestamp 4 days ago

Unicode isn’t “just encoding.” It’s an attack surface.

Invisible characters, BiDi overrides, and homograph attacks can break validation, spoof users, and corrupt data in Java apps.

This article shows how to defend Quarkus APIs properly—at the edge.

👉 https://www.the-main-thread.com/p/unicode-security-java-quarkus-input-validation

#Java #Quarkus #Security #Unicode #AppSec #SoftwareEngineering


Unicode Defense in Java: The Complete Guide

How invisible characters, homograph attacks, and BiDi overrides break production systems and how to stop them in Quarkus.
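The three problem classes named in the post (invisible characters, BiDi overrides, mixed-script homographs) can all be caught with the JDK's own character database before a value reaches validation, storage or display. The following is an added example, not code from the linked article or from Quarkus; the class and method names are hypothetical, the sample inputs are constructed, and it assumes Java 17 or later (it uses a record).

```java
import java.text.Normalizer;
import java.util.ArrayList;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

/**
 * Hypothetical edge guard for untrusted strings (added example, not from the
 * article or Quarkus). A REST resource would call inspect()/isSafe() on
 * usernames, filenames and similar identifiers before any other processing.
 */
public final class UnicodeInputGuard {

    /** One rejected code point and the reason it was rejected. */
    public record Finding(int index, int codePoint, String reason) {
        @Override
        public String toString() {
            return String.format("index %d U+%04X: %s", index, codePoint, reason);
        }
    }

    private UnicodeInputGuard() {}

    /** Returns the findings for {@code raw}; an empty list means the value passed. */
    public static List<Finding> inspect(String raw) {
        List<Finding> findings = new ArrayList<>();
        // NFKC folds compatibility forms (fullwidth letters, ligatures) so that
        // later comparisons and lookups see one canonical spelling.
        String s = Normalizer.normalize(raw, Normalizer.Form.NFKC);
        Set<Character.UnicodeScript> scripts = new LinkedHashSet<>();

        for (int i = 0; i < s.length(); ) {
            int cp = s.codePointAt(i);
            int type = Character.getType(cp);
            byte dir = Character.getDirectionality(cp);

            if (dir == Character.DIRECTIONALITY_LEFT_TO_RIGHT_OVERRIDE
                    || dir == Character.DIRECTIONALITY_RIGHT_TO_LEFT_OVERRIDE
                    || dir == Character.DIRECTIONALITY_LEFT_TO_RIGHT_EMBEDDING
                    || dir == Character.DIRECTIONALITY_RIGHT_TO_LEFT_EMBEDDING
                    || dir == Character.DIRECTIONALITY_POP_DIRECTIONAL_FORMAT) {
                findings.add(new Finding(i, cp, "BiDi control (reorders displayed text)"));
            } else if (type == Character.FORMAT) {
                // Cf: zero-width space/joiner, BOM, soft hyphen, BiDi isolates, ...
                findings.add(new Finding(i, cp, "invisible format character"));
            } else if (type == Character.CONTROL) {
                findings.add(new Finding(i, cp, "control character"));
            } else if (type == Character.UNASSIGNED
                    || type == Character.PRIVATE_USE
                    || type == Character.SURROGATE) {
                findings.add(new Finding(i, cp, "unassigned, private-use or lone surrogate"));
            }

            // Collect the scripts actually used; COMMON/INHERITED (digits,
            // punctuation, combining marks) do not count as a script of their own.
            Character.UnicodeScript sc = Character.UnicodeScript.of(cp);
            if (sc != Character.UnicodeScript.COMMON
                    && sc != Character.UnicodeScript.INHERITED) {
                scripts.add(sc);
            }
            i += Character.charCount(cp);
        }

        // Single-script rule (a simplified form of the UTS #39 restriction levels):
        // an identifier mixing e.g. Latin and Cyrillic letters is the classic
        // homograph pattern and is rejected outright.
        if (scripts.size() > 1) {
            findings.add(new Finding(0, s.codePointAt(0), "mixed scripts " + scripts));
        }
        return findings;
    }

    public static boolean isSafe(String raw) {
        return inspect(raw).isEmpty();
    }

    public static void main(String[] args) {
        // Constructed sample inputs (not taken from any real system).
        String[] samples = {
            "taxes_cod\u202Efdp.exe",  // RLO: a BiDi-aware display renders the tail as "exe.pdf"
            "\u0430dmin",              // Cyrillic small a followed by Latin "dmin"
            "user\u200Bname",          // zero-width space hidden inside a name
            "report.pdf"               // plain ASCII, passes
        };
        for (String in : samples) {
            System.out.println(in.replace("\u202E", "<RLO>") + " -> " + inspect(in));
        }
    }
}
```

Rejecting rather than stripping is deliberate: silently removing a BiDi override or zero-width character can turn one string into another that a downstream check never saw, whereas a rejected request forces the caller to submit an unambiguous value. The single-script rule is stricter than what a fully internationalized product may want; the restriction levels in Unicode Technical Standard #39 describe the usual relaxations.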
Jim DeLaHunt
@jdlh@mstdn.ca replied  ·  activity timestamp 4 days ago

@myfear I agree, validation and sanitization should be effective, not overly simple. Also, you give an example, "The user sees taxes_codfdp.exe (looks like a harmless PDF)". Perhaps that should be the reverse, "taxes_codexe.pdf"?

