{"id":9809,"date":"2026-01-22T12:21:12","date_gmt":"2026-01-22T10:21:12","guid":{"rendered":"https:\/\/the-s-unit.nl\/?page_id=9809"},"modified":"2026-01-22T13:13:40","modified_gmt":"2026-01-22T11:13:40","slug":"tsu-08-insecure-custom-java","status":"publish","type":"page","link":"https:\/\/the-s-unit.nl\/en\/tsu-08-insecure-custom-java\/","title":{"rendered":"TSU-08: Insecure Custom Java"},"content":{"rendered":"<div data-elementor-type=\"wp-page\" data-elementor-id=\"9809\" class=\"elementor elementor-9809\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-aaa94ad elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"aaa94ad\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-0427a99\" data-id=\"0427a99\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-434b2fe elementor-widget elementor-widget-heading\" data-id=\"434b2fe\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">The S-Unit Top 10<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8ea8deb elementor-widget elementor-widget-image\" data-id=\"8ea8deb\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img fetchpriority=\"high\" decoding=\"async\" width=\"300\" height=\"300\" 
src=\"https:\/\/the-s-unit.nl\/wp-content\/uploads\/2026\/01\/The-S-unit-Top-10-Carousel-LinkedIn-Post-12-300x300.png\" class=\"attachment-medium size-medium wp-image-9812\" alt=\"TSU-08: Insecure custom java\" srcset=\"https:\/\/the-s-unit.nl\/wp-content\/uploads\/2026\/01\/The-S-unit-Top-10-Carousel-LinkedIn-Post-12-300x300.png 300w, https:\/\/the-s-unit.nl\/wp-content\/uploads\/2026\/01\/The-S-unit-Top-10-Carousel-LinkedIn-Post-12-1024x1024.png 1024w, https:\/\/the-s-unit.nl\/wp-content\/uploads\/2026\/01\/The-S-unit-Top-10-Carousel-LinkedIn-Post-12-150x150.png 150w, https:\/\/the-s-unit.nl\/wp-content\/uploads\/2026\/01\/The-S-unit-Top-10-Carousel-LinkedIn-Post-12-768x768.png 768w, https:\/\/the-s-unit.nl\/wp-content\/uploads\/2026\/01\/The-S-unit-Top-10-Carousel-LinkedIn-Post-12-500x500.png 500w, https:\/\/the-s-unit.nl\/wp-content\/uploads\/2026\/01\/The-S-unit-Top-10-Carousel-LinkedIn-Post-12-12x12.png 12w, https:\/\/the-s-unit.nl\/wp-content\/uploads\/2026\/01\/The-S-unit-Top-10-Carousel-LinkedIn-Post-12-600x600.png 600w, https:\/\/the-s-unit.nl\/wp-content\/uploads\/2026\/01\/The-S-unit-Top-10-Carousel-LinkedIn-Post-12-100x100.png 100w, https:\/\/the-s-unit.nl\/wp-content\/uploads\/2026\/01\/The-S-unit-Top-10-Carousel-LinkedIn-Post-12.png 1080w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3ceb434 elementor-widget elementor-widget-heading\" data-id=\"3ceb434\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h1 class=\"elementor-heading-title elementor-size-default\">TSU-08: Insecure custom Java<\/h1>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-9f2f3bf elementor-section-boxed 
elementor-section-height-default elementor-section-height-default\" data-id=\"9f2f3bf\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-0f4929c\" data-id=\"0f4929c\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-b7ea66a elementor-widget__width-initial elementor-widget elementor-widget-text-editor\" data-id=\"b7ea66a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>TSU-08 concerns security issues that arise from the unsafe use of custom Java code in Mendix applications. Mendix allows the standard functionality of the platform to be extended with Java code. 
This can be done, among other things, by:<\/p>\n<ul>\n<li>creating additional Java actions that are invoked from microflows<\/li>\n<li>creating new URL endpoints for integrations with external systems<\/li>\n<li>modifying existing Mendix functionality, such as the login process<\/li>\n<\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1fda450 elementor-widget elementor-widget-spacer\" data-id=\"1fda450\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-07f0866 elementor-widget elementor-widget-heading\" data-id=\"07f0866\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Java code requires greater responsibility <\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-03657df elementor-widget elementor-widget-text-editor\" data-id=\"03657df\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Java code runs at a lower technical level than Mendix low-code components, which means more responsibility lies with the developer to implement security measures correctly. 
This includes, for example:<\/p><ul><li>authentication<\/li><li>authorization<\/li><li>input validation and sanitization<\/li><\/ul><p><strong>Depending on what the Java code does, errors can lead to:<\/strong><\/p><ul><li>unauthorized read and write access to data<\/li><li>bypassing authentication mechanisms<\/li><li>in some cases, even direct access to the operating system or the file system<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-d429f18 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"d429f18\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-bde79ee\" data-id=\"bde79ee\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-492a61b elementor-widget elementor-widget-heading\" data-id=\"492a61b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Best practices for secure custom Java in Mendix<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-acdef05 elementor-widget elementor-widget-text-editor\" data-id=\"acdef05\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>When adding custom Java code to a Mendix application, it is important to be familiar with both general web security 
issues (such as the OWASP Top 10) and how these translate to Mendix and the Mendix Core API.<\/p>\n<p>These best practices help with that:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ec33770 elementor-widget elementor-widget-heading\" data-id=\"ec33770\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">1. Use Java only where it is truly necessary<\/h4>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8f87ce2 elementor-widget elementor-widget-text-editor\" data-id=\"8f87ce2\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul>\n<li>Do not use Java code for functionality that can also be built using a microflow or a (REST) integration<\/li>\n<\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-370d83f elementor-widget elementor-widget-heading\" data-id=\"370d83f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">2. 
Correct handling of context (User, System, and Sudo)<\/h4>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-82c660a elementor-widget elementor-widget-text-editor\" data-id=\"82c660a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul>\n<li>If you implement a Java action that is used from an authenticated context:\n<ul>\n<li>avoid using a System context for data and microflow interactions<\/li>\n<li>use the User context wherever possible, so that user permissions and access rules are correctly enforced<\/li>\n<\/ul>\n<\/li>\n<li>Does the Java code need to perform privileged actions on behalf of a logged-in user?\n<ul>\n<li>then use a Sudo context, so actions can still be traced back to the current user<\/li>\n<\/ul>\n<\/li>\n<li>When Java code uses a Sudo or System context\n<ul>\n<li>implement explicit authentication and authorization checks to prevent unauthorized access to data or microflows<\/li>\n<\/ul>\n<\/li>\n<\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c72240a elementor-widget elementor-widget-heading\" data-id=\"c72240a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">3. 
Secure processing of request data<\/h4>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f493882 elementor-widget elementor-widget-text-editor\" data-id=\"f493882\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul>\n<li>When Java code retrieves data from the current request (such as the URL, HTTP body, or headers):\n<ul>\n<li>implement explicit validation and authorization checks to prevent injection attacks or unauthorized data access<\/li>\n<\/ul>\n<\/li>\n<\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f324f1a elementor-widget elementor-widget-heading\" data-id=\"f324f1a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">4. Secure XPath queries<\/h4>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8d510dc elementor-widget elementor-widget-text-editor\" data-id=\"8d510dc\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul>\n<li>When Java code retrieves data via XPath:\n<ul>\n<li>ensure that user input does not influence the structure of the query<\/li>\n<li>use Core.createXPathQuery with placeholders and setVariable<\/li>\n<\/ul>\n<\/li>\n<\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a20ba3e elementor-widget elementor-widget-heading\" data-id=\"a20ba3e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">5. 
Secure HTML-generation<\/h4>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-793a5f6 elementor-widget elementor-widget-text-editor\" data-id=\"793a5f6\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul>\n<li>Avoid generating HTML via string concatenation\n<ul>\n<li>If Java code must generate HTML, use a template engine that automatically encodes variables and user input<\/li>\n<\/ul>\n<\/li>\n<\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7934e0b elementor-widget elementor-widget-heading\" data-id=\"7934e0b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">6. Responsible use of third-party libraries<\/h4>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-b501365 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"b501365\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-dbef240\" data-id=\"dbef240\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-06c13e9 elementor-widget elementor-widget-text-editor\" data-id=\"06c13e9\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div 
class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul>\n<li>If your Java code uses third-party libraries (for example for XML parsing):\n<ul>\n<li>carefully read the library\u2019s documentation<\/li>\n<li>check which security best practices and known pitfalls apply<\/li>\n<\/ul>\n<\/li>\n<\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9943f5e elementor-widget elementor-widget-heading\" data-id=\"9943f5e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Vulnerabilities within TSU-08<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a8545a2 elementor-widget elementor-widget-text-editor\" data-id=\"a8545a2\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>These are the most common risks associated with insecure custom Java.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-fc9a17c premium-type-column elementor-widget elementor-widget-premium-icon-list\" data-id=\"fc9a17c\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;rbadges_repeater&quot;:[]}\" data-widget_type=\"premium-icon-list.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t<ul class=\"premium-bullet-list-box\">\n\t\t\t\t\n\t\t\t\t\t\t\t<li class=\"premium-bullet-list-content elementor-repeater-item-a242583\">\n\t\t\t\t\t\t\t\t<div class=\"premium-bullet-list-text\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"premium-bullet-list-wrapper\">\n\t\t\t\t\t\t\t\t\t\t\t<div class=\"premium-drawable-icon\"><i class=\"premium-svg-nodraw fas fa-times\" 
aria-hidden=\"true\"><\/i><\/div>\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t<div class=\"premium-bullet-list-text-wrapper\">\n\t\t\t\t\t\t\t\t\t\t<span class=\"premium-bullet-text\" data-text=\"\">  <\/span>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"premium-bullet-list-desc\" data-text=\"Ongeautoriseerde toegang tot data door ontbrekende authenticatie\">Unauthorized access to data due to missing authentication<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<\/li>\n\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<li class=\"premium-bullet-list-content elementor-repeater-item-e31d72a\">\n\t\t\t\t\t\t\t\t<div class=\"premium-bullet-list-text\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"premium-bullet-list-wrapper\">\n\t\t\t\t\t\t\t\t\t\t\t<div class=\"premium-drawable-icon\"><i class=\"premium-svg-nodraw fas fa-times\" aria-hidden=\"true\"><\/i><\/div>\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t<div class=\"premium-bullet-list-text-wrapper\">\n\t\t\t\t\t\t\t\t\t\t<span class=\"premium-bullet-text\" data-text=\"\">  <\/span>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"premium-bullet-list-desc\" data-text=\"Ongeautoriseerde toegang tot data door ontbrekende autorisatie in System- of Sudo-context\">Unauthorized access to data due to missing authorization in a System or Sudo context<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<\/li>\n\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<li class=\"premium-bullet-list-content elementor-repeater-item-4719d80\">\n\t\t\t\t\t\t\t\t<div class=\"premium-bullet-list-text\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"premium-bullet-list-wrapper\">\n\t\t\t\t\t\t\t\t\t\t\t<div class=\"premium-drawable-icon\"><i class=\"premium-svg-nodraw fas fa-times\" 
aria-hidden=\"true\"><\/i><\/div>\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t<div class=\"premium-bullet-list-text-wrapper\">\n\t\t\t\t\t\t\t\t\t\t<span class=\"premium-bullet-text\" data-text=\"\">  <\/span>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"premium-bullet-list-desc\" data-text=\"Ongeautoriseerde toegang tot data via XPath-injectie\">Unauthorized access to data via XPath injection<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<\/li>\n\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<li class=\"premium-bullet-list-content elementor-repeater-item-454fb3c\">\n\t\t\t\t\t\t\t\t<div class=\"premium-bullet-list-text\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"premium-bullet-list-wrapper\">\n\t\t\t\t\t\t\t\t\t\t\t<div class=\"premium-drawable-icon\"><i class=\"premium-svg-nodraw fas fa-times\" aria-hidden=\"true\"><\/i><\/div>\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t<div class=\"premium-bullet-list-text-wrapper\">\n\t\t\t\t\t\t\t\t\t\t<span class=\"premium-bullet-text\" data-text=\"\">  <\/span>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"premium-bullet-list-desc\" data-text=\"Authenticatie-omzeiling via XPath-injectie\">Authentication bypass via XPath injection<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<\/li>\n\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<li class=\"premium-bullet-list-content elementor-repeater-item-ef07b0f\">\n\t\t\t\t\t\t\t\t<div class=\"premium-bullet-list-text\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"premium-bullet-list-wrapper\">\n\t\t\t\t\t\t\t\t\t\t\t<div class=\"premium-drawable-icon\"><i class=\"premium-svg-nodraw fas fa-times\" aria-hidden=\"true\"><\/i><\/div>\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t<div 
class=\"premium-bullet-list-text-wrapper\">\n\t\t\t\t\t\t\t\t\t\t<span class=\"premium-bullet-text\" data-text=\"\">  <\/span>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"premium-bullet-list-desc\" data-text=\"Cross-site scripting door onveilige HTML-generatie\">Cross-site scripting due to insecure HTML generation<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<\/li>\n\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<li class=\"premium-bullet-list-content elementor-repeater-item-4e37c46\">\n\t\t\t\t\t\t\t\t<div class=\"premium-bullet-list-text\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"premium-bullet-list-wrapper\">\n\t\t\t\t\t\t\t\t\t\t\t<div class=\"premium-drawable-icon\"><i class=\"premium-svg-nodraw fas fa-times\" aria-hidden=\"true\"><\/i><\/div>\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t<div class=\"premium-bullet-list-text-wrapper\">\n\t\t\t\t\t\t\t\t\t\t<span class=\"premium-bullet-text\" data-text=\"\">  <\/span>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"premium-bullet-list-desc\" data-text=\"Cross-site scripting door ontbrekende output-encoding\">Cross-site scripting due to missing output encoding<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<\/li>\n\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<li class=\"premium-bullet-list-content elementor-repeater-item-a0fe540\">\n\t\t\t\t\t\t\t\t<div class=\"premium-bullet-list-text\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"premium-bullet-list-wrapper\">\n\t\t\t\t\t\t\t\t\t\t\t<div class=\"premium-drawable-icon\"><i class=\"premium-svg-nodraw fas fa-times\" aria-hidden=\"true\"><\/i><\/div>\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t<div class=\"premium-bullet-list-text-wrapper\">\n\t\t\t\t\t\t\t\t\t\t<span class=\"premium-bullet-text\" data-text=\"\">  
<\/span>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"premium-bullet-list-desc\" data-text=\"Toegang tot het bestandssysteem door onveilig gebruik van XML-parsers\">Access to the file system due to unsafe use of XML parsers<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t<\/li>\n\n\t\t\t\t\t\t\t\t\t\t<\/ul>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-79558ed elementor-widget elementor-widget-heading\" data-id=\"79558ed\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Train your Mendix security skills<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4333459 elementor-widget elementor-widget-text-editor\" data-id=\"4333459\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Recognize and prevent vulnerabilities in Mendix at an early stage?\nExplore our updated Mendix security trainings based on The S-Unit Top 10.<br><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4b5658f elementor-widget elementor-widget-button\" data-id=\"4b5658f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-sm\" href=\"#\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">Mendix 
trainings<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-067acb3 elementor-widget elementor-widget-spacer\" data-id=\"067acb3\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-6bd960f elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"6bd960f\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-57d706d\" data-id=\"57d706d\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-d817b4f elementor-widget elementor-widget-heading\" data-id=\"d817b4f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Integrate The S-Unit Top 10 into your CI\/CD pipeline.<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-c0273f4 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"c0273f4\" data-element_type=\"section\" 
data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-31aa2aa\" data-id=\"31aa2aa\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-816ed96 elementor-widget elementor-widget-text-editor\" data-id=\"816ed96\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p class=\"translation-block\">Want to know how your Mendix application scores against The S-Unit Top 10?\nIn collaboration with Omnext, we have developed a Mendix-specific SAST solution that continuously and automatically scans for vulnerabilities. By integrating The S-Unit Top 10 into the CI\/CD pipeline, risks are identified early and made immediately visible. 
Learn more about our collaboration with Omnext and the Mendix-specific SAST module.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-19ade86 elementor-widget elementor-widget-button\" data-id=\"19ade86\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-sm\" href=\"https:\/\/the-s-unit.nl\/en\/securitypartner-omnext\/\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">Mendix-specific SAST module<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-64509a4 elementor-widget elementor-widget-spacer\" data-id=\"64509a4\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>","protected":false},"excerpt":{"rendered":"<p>The S-Unit Top 10 TSU-08: Insecure custom Java TSU-08 concerns security issues that arise from the unsafe use of custom Java code in Mendix applications. Mendix allows the standard functionality of the platform to be extended with Java code. 
This can be done, among other things, by: creating additional Java actions that are invoked from microflows creating [&hellip;]<\/p>\n","protected":false},"author":17,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"elementor_header_footer","meta":{"footnotes":""},"class_list":["post-9809","page","type-page","status-publish","hentry"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/the-s-unit.nl\/en\/wp-json\/wp\/v2\/pages\/9809","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/the-s-unit.nl\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/the-s-unit.nl\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/the-s-unit.nl\/en\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/the-s-unit.nl\/en\/wp-json\/wp\/v2\/comments?post=9809"}],"version-history":[{"count":10,"href":"https:\/\/the-s-unit.nl\/en\/wp-json\/wp\/v2\/pages\/9809\/revisions"}],"predecessor-version":[{"id":10220,"href":"https:\/\/the-s-unit.nl\/en\/wp-json\/wp\/v2\/pages\/9809\/revisions\/10220"}],"wp:attachment":[{"href":"https:\/\/the-s-unit.nl\/en\/wp-json\/wp\/v2\/media?parent=9809"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}