- Use prepared statements for all SQL queries; never concatenate user input into SQL strings, since parameter binding is what prevents SQL injection.
- Validate and sanitize all external input at system boundaries with Bean Validation (`@Valid`, `@NotNull`, `@Size`).
- Store secrets in environment variables or a vault (HashiCorp Vault, AWS Secrets Manager) — never in source code or properties files committed to git.
- Use `java.security.SecureRandom` for cryptographic operations.
- Enable CSRF protection in Spring Security for web apps.