{"id":328,"date":"2025-12-06T05:55:00","date_gmt":"2025-12-06T05:55:00","guid":{"rendered":"https:\/\/harshad-sonawane.com\/blog\/?p=328"},"modified":"2025-11-15T17:47:30","modified_gmt":"2025-11-15T17:47:30","slug":"secure-code-practices-java-cloud-native-applications","status":"publish","type":"post","link":"https:\/\/harshad-sonawane.com\/blog\/secure-code-practices-java-cloud-native-applications\/","title":{"rendered":"Secure Code Practices in Java for Cloud-Native Applications"},"content":{"rendered":"<p data-start=\"224\" data-end=\"563\">As organizations continue to modernize applications using <a href=\"https:\/\/harshad-sonawane.com\/blog\/build-high-performance-java-apis-using-grpc\/\">microservices<\/a>, containers, and managed cloud services, the attack surface expands significantly. Cloud-native <a href=\"https:\/\/harshad-sonawane.com\/blog\/reduce-cloud-costs-java-applications\/\">Java<\/a> applications\u2014running on platforms such as <a href=\"https:\/\/harshad-sonawane.com\/blog\/monitoring-java-applications-prometheus-grafana-kubernetes\/\">Kubernetes<\/a>, <a href=\"https:\/\/harshad-sonawane.com\/blog\/choosing-right-cloud-database-rds-dynamodb-aurora-documentdb\/\">AWS<\/a>, Azure, and GCP\u2014must embed security directly into the development lifecycle rather than bolting it on later.<\/p>\n<p data-start=\"565\" data-end=\"943\">Secure coding is not just about preventing vulnerabilities; it&#8217;s about building applications that remain resilient, predictable, and compliant as they scale. This guide explores essential secure coding practices tailored specifically for <strong data-start=\"803\" data-end=\"844\">Java-based cloud-native architectures<\/strong>, covering authentication, data protection, dependencies, API security, secrets handling, and more.<\/p>\n<hr data-start=\"945\" data-end=\"948\" \/>\n<h2 data-start=\"950\" data-end=\"1020\">Understanding Security Challenges in Cloud-Native Java Applications<\/h2>\n<p data-start=\"1022\" data-end=\"1177\">Cloud-native systems are designed for distributed execution, dynamic scaling, and frequent deployments. Security risks in this model typically emerge from:<\/p>\n<ul data-start=\"1179\" data-end=\"1480\">\n<li data-start=\"1179\" data-end=\"1225\">\n<p data-start=\"1181\" data-end=\"1225\">Increased number of microservice endpoints<\/p>\n<\/li>\n<li data-start=\"1226\" data-end=\"1287\">\n<p data-start=\"1228\" data-end=\"1287\">Use of third-party dependencies and open-source libraries<\/p>\n<\/li>\n<li data-start=\"1288\" data-end=\"1321\">\n<p data-start=\"1290\" data-end=\"1321\">Misconfigured cloud resources<\/p>\n<\/li>\n<li data-start=\"1322\" data-end=\"1387\">\n<p data-start=\"1324\" data-end=\"1387\">Sensitive data exposure in logs, configs, or container images<\/p>\n<\/li>\n<li data-start=\"1388\" data-end=\"1426\">\n<p data-start=\"1390\" data-end=\"1426\">Multi-tenant shared infrastructure<\/p>\n<\/li>\n<li data-start=\"1427\" data-end=\"1480\">\n<p data-start=\"1429\" data-end=\"1480\">Automated CI\/CD and runtime orchestration systems<\/p>\n<\/li>\n<\/ul>\n<p data-start=\"1482\" data-end=\"1638\">The goal of secure coding in this environment is to ensure <strong data-start=\"1541\" data-end=\"1561\">defense in depth<\/strong>, where multiple layers safeguard the application even if one is compromised.<\/p>\n<hr data-start=\"1640\" data-end=\"1643\" \/>\n<h1 data-start=\"1645\" data-end=\"1697\">1. Enforce Strong Authentication and Authorization<\/h1>\n<h3 data-start=\"1699\" data-end=\"1734\">Use Modern Identity Standards<\/h3>\n<p data-start=\"1735\" data-end=\"1813\">Cloud-native Java applications should integrate with identity providers using:<\/p>\n<ul data-start=\"1814\" data-end=\"1877\">\n<li data-start=\"1814\" data-end=\"1827\">\n<p data-start=\"1816\" data-end=\"1827\">OAuth 2.0<\/p>\n<\/li>\n<li data-start=\"1828\" data-end=\"1853\">\n<p data-start=\"1830\" data-end=\"1853\">OpenID Connect (OIDC)<\/p>\n<\/li>\n<li data-start=\"1854\" data-end=\"1862\">\n<p data-start=\"1856\" data-end=\"1862\">SAML<\/p>\n<\/li>\n<li data-start=\"1863\" data-end=\"1877\">\n<p data-start=\"1865\" data-end=\"1877\">JWT tokens<\/p>\n<\/li>\n<\/ul>\n<p data-start=\"1879\" data-end=\"1981\">Frameworks like <strong data-start=\"1895\" data-end=\"1914\"><a href=\"https:\/\/harshad-sonawane.com\/blog\/two-factor-authentication-java-applications\/\">Spring Security<\/a><\/strong>, <strong data-start=\"1916\" data-end=\"1927\">Quarkus<\/strong>, and <strong data-start=\"1933\" data-end=\"1955\">Micronaut Security<\/strong> provide built-in support.<\/p>\n<h3 data-start=\"1983\" data-end=\"2028\">Follow the Principle of Least Privilege<\/h3>\n<ul data-start=\"2029\" data-end=\"2251\">\n<li data-start=\"2029\" data-end=\"2082\">\n<p data-start=\"2031\" data-end=\"2082\">Assign minimal roles to users, services, and APIs<\/p>\n<\/li>\n<li data-start=\"2083\" data-end=\"2168\">\n<p data-start=\"2085\" data-end=\"2168\">Enforce role-based access control (RBAC) or attribute-based access control (ABAC)<\/p>\n<\/li>\n<li data-start=\"2169\" data-end=\"2251\">\n<p data-start=\"2171\" data-end=\"2251\">Restrict cross-microservice communication using service identity or mutual TLS<\/p>\n<\/li>\n<\/ul>\n<h3 data-start=\"2253\" data-end=\"2283\">Token Security Practices<\/h3>\n<ul data-start=\"2284\" data-end=\"2399\">\n<li data-start=\"2284\" data-end=\"2311\">\n<p data-start=\"2286\" data-end=\"2311\">Avoid long-lived tokens<\/p>\n<\/li>\n<li data-start=\"2312\" data-end=\"2353\">\n<p data-start=\"2314\" data-end=\"2353\">Validate signatures and issuer claims<\/p>\n<\/li>\n<li data-start=\"2354\" data-end=\"2399\">\n<p data-start=\"2356\" data-end=\"2399\">Prefer asymmetric key signing (RSA\/ECDSA)<\/p>\n<\/li>\n<\/ul>\n<hr data-start=\"2401\" data-end=\"2404\" \/>\n<h1 data-start=\"2406\" data-end=\"2456\">2. Protect Sensitive Data at Rest and in Transit<\/h1>\n<h3 data-start=\"2458\" data-end=\"2492\">Transport Layer Security (TLS)<\/h3>\n<ul data-start=\"2493\" data-end=\"2624\">\n<li data-start=\"2493\" data-end=\"2530\">\n<p data-start=\"2495\" data-end=\"2530\">Enforce TLS 1.2+ for all services<\/p>\n<\/li>\n<li data-start=\"2531\" data-end=\"2561\">\n<p data-start=\"2533\" data-end=\"2561\">Disable weak cipher suites<\/p>\n<\/li>\n<li data-start=\"2562\" data-end=\"2624\">\n<p data-start=\"2564\" data-end=\"2624\">Use reverse proxy or service mesh for certificate rotation<\/p>\n<\/li>\n<\/ul>\n<h3 data-start=\"2626\" data-end=\"2653\">Data Encryption at Rest<\/h3>\n<p data-start=\"2654\" data-end=\"2691\">Store sensitive data encrypted using:<\/p>\n<ul data-start=\"2692\" data-end=\"2755\">\n<li data-start=\"2692\" data-end=\"2703\">\n<p data-start=\"2694\" data-end=\"2703\">AWS KMS<\/p>\n<\/li>\n<li data-start=\"2704\" data-end=\"2723\">\n<p data-start=\"2706\" data-end=\"2723\">HashiCorp Vault<\/p>\n<\/li>\n<li data-start=\"2724\" data-end=\"2735\">\n<p data-start=\"2726\" data-end=\"2735\">GCP KMS<\/p>\n<\/li>\n<li data-start=\"2736\" data-end=\"2755\">\n<p data-start=\"2738\" data-end=\"2755\">Azure Key Vault<\/p>\n<\/li>\n<\/ul>\n<p data-start=\"2757\" data-end=\"2779\">For Java applications:<\/p>\n<ul data-start=\"2780\" data-end=\"2856\">\n<li data-start=\"2780\" data-end=\"2813\">\n<p data-start=\"2782\" data-end=\"2813\">Use JCE for custom encryption<\/p>\n<\/li>\n<li data-start=\"2814\" data-end=\"2856\">\n<p data-start=\"2816\" data-end=\"2856\">Avoid homegrown crypto implementations<\/p>\n<\/li>\n<\/ul>\n<h3 data-start=\"2858\" data-end=\"2899\">Avoid Logging Sensitive Information<\/h3>\n<p data-start=\"2900\" data-end=\"2910\">Never log:<\/p>\n<ul data-start=\"2911\" data-end=\"2995\">\n<li data-start=\"2911\" data-end=\"2924\">\n<p data-start=\"2913\" data-end=\"2924\">Passwords<\/p>\n<\/li>\n<li data-start=\"2925\" data-end=\"2942\">\n<p data-start=\"2927\" data-end=\"2942\">Access tokens<\/p>\n<\/li>\n<li data-start=\"2943\" data-end=\"2962\">\n<p data-start=\"2945\" data-end=\"2962\">Secrets or keys<\/p>\n<\/li>\n<li data-start=\"2963\" data-end=\"2995\">\n<p data-start=\"2965\" data-end=\"2995\">PII or financial information<\/p>\n<\/li>\n<\/ul>\n<p data-start=\"2997\" data-end=\"3048\">Use structured logging and masking where necessary.<\/p>\n<hr data-start=\"3050\" data-end=\"3053\" \/>\n<h1 data-start=\"3055\" data-end=\"3098\">3. Secure Java Dependencies and Libraries<\/h1>\n<h3 data-start=\"3100\" data-end=\"3154\">Maintain a Strict Dependency Management Strategy<\/h3>\n<ul data-start=\"3155\" data-end=\"3311\">\n<li data-start=\"3155\" data-end=\"3202\">\n<p data-start=\"3157\" data-end=\"3202\">Use the latest stable versions of libraries<\/p>\n<\/li>\n<li data-start=\"3203\" data-end=\"3253\">\n<p data-start=\"3205\" data-end=\"3253\">Avoid unmaintained or unknown-origin libraries<\/p>\n<\/li>\n<li data-start=\"3254\" data-end=\"3311\">\n<p data-start=\"3256\" data-end=\"3311\">Pin dependency versions to avoid supply chain attacks<\/p>\n<\/li>\n<\/ul>\n<h3 data-start=\"3313\" data-end=\"3349\">Enable Dependency Scanning Tools<\/h3>\n<p data-start=\"3350\" data-end=\"3376\">Recommended tools include:<\/p>\n<ul data-start=\"3377\" data-end=\"3456\">\n<li data-start=\"3377\" data-end=\"3403\">\n<p data-start=\"3379\" data-end=\"3403\">OWASP Dependency-Check<\/p>\n<\/li>\n<li data-start=\"3404\" data-end=\"3412\">\n<p data-start=\"3406\" data-end=\"3412\">Snyk<\/p>\n<\/li>\n<li data-start=\"3413\" data-end=\"3434\">\n<p data-start=\"3415\" data-end=\"3434\">GitHub Dependabot<\/p>\n<\/li>\n<li data-start=\"3435\" data-end=\"3456\">\n<p data-start=\"3437\" data-end=\"3456\">Sonatype Nexus IQ<\/p>\n<\/li>\n<\/ul>\n<p data-start=\"3458\" data-end=\"3569\">These tools identify vulnerabilities such as Log4Shell or outdated Spring modules before they reach production.<\/p>\n<hr data-start=\"3571\" data-end=\"3574\" \/>\n<h1 data-start=\"3576\" data-end=\"3613\">4. Secure API Development Practices<\/h1>\n<h3 data-start=\"3615\" data-end=\"3637\">Input Validation<\/h3>\n<p data-start=\"3638\" data-end=\"3672\">Validate user and API input using:<\/p>\n<ul data-start=\"3673\" data-end=\"3797\">\n<li data-start=\"3673\" data-end=\"3724\">\n<p data-start=\"3675\" data-end=\"3724\">Bean Validation (JSR-380 \/ Hibernate Validator)<\/p>\n<\/li>\n<li data-start=\"3725\" data-end=\"3760\">\n<p data-start=\"3727\" data-end=\"3760\">Whitelisting allowed characters<\/p>\n<\/li>\n<li data-start=\"3761\" data-end=\"3797\">\n<p data-start=\"3763\" data-end=\"3797\">Size limits on incoming payloads<\/p>\n<\/li>\n<\/ul>\n<h3 data-start=\"3799\" data-end=\"3830\">Prevent Injection Attacks<\/h3>\n<ul data-start=\"3831\" data-end=\"3991\">\n<li data-start=\"3831\" data-end=\"3867\">\n<p data-start=\"3833\" data-end=\"3867\">Always use parameterized queries<\/p>\n<\/li>\n<li data-start=\"3868\" data-end=\"3916\">\n<p data-start=\"3870\" data-end=\"3916\">Avoid string concatenation in SQL statements<\/p>\n<\/li>\n<li data-start=\"3917\" data-end=\"3958\">\n<p data-start=\"3919\" data-end=\"3958\">Sanitize input data before processing<\/p>\n<\/li>\n<li data-start=\"3959\" data-end=\"3991\">\n<p data-start=\"3961\" data-end=\"3991\">Escape output to prevent XSS<\/p>\n<\/li>\n<\/ul>\n<h3 data-start=\"3993\" data-end=\"4037\">Implement Rate Limiting and Throttling<\/h3>\n<p data-start=\"4038\" data-end=\"4042\">Use:<\/p>\n<ul data-start=\"4043\" data-end=\"4136\">\n<li data-start=\"4043\" data-end=\"4058\">\n<p data-start=\"4045\" data-end=\"4058\">API Gateway<\/p>\n<\/li>\n<li data-start=\"4059\" data-end=\"4083\">\n<p data-start=\"4061\" data-end=\"4083\">Service mesh filters<\/p>\n<\/li>\n<li data-start=\"4084\" data-end=\"4136\">\n<p data-start=\"4086\" data-end=\"4136\">Java-based filters (Servlet filters, Spring AOP)<\/p>\n<\/li>\n<\/ul>\n<p data-start=\"4138\" data-end=\"4175\">This protects against DDoS and abuse.<\/p>\n<hr data-start=\"4177\" data-end=\"4180\" \/>\n<h1 data-start=\"4182\" data-end=\"4232\">5. Secrets Management and Configuration Security<\/h1>\n<p data-start=\"4234\" data-end=\"4301\">Hardcoding credentials is one of the most common security mistakes.<\/p>\n<h3 data-start=\"4303\" data-end=\"4352\">Use Secret Managers Instead of Config Files<\/h3>\n<p data-start=\"4353\" data-end=\"4392\">Use secure storage solutions such as:<\/p>\n<ul data-start=\"4393\" data-end=\"4528\">\n<li data-start=\"4393\" data-end=\"4416\">\n<p data-start=\"4395\" data-end=\"4416\">AWS Secrets Manager<\/p>\n<\/li>\n<li data-start=\"4417\" data-end=\"4436\">\n<p data-start=\"4419\" data-end=\"4436\">HashiCorp Vault<\/p>\n<\/li>\n<li data-start=\"4437\" data-end=\"4485\">\n<p data-start=\"4439\" data-end=\"4485\">Kubernetes Secrets (with encryption at rest)<\/p>\n<\/li>\n<li data-start=\"4486\" data-end=\"4505\">\n<p data-start=\"4488\" data-end=\"4505\">Azure Key Vault<\/p>\n<\/li>\n<li data-start=\"4506\" data-end=\"4528\">\n<p data-start=\"4508\" data-end=\"4528\">GCP Secret Manager<\/p>\n<\/li>\n<\/ul>\n<h3 data-start=\"4530\" data-end=\"4559\">Never Store Secrets in:<\/h3>\n<ul data-start=\"4560\" data-end=\"4654\">\n<li data-start=\"4560\" data-end=\"4586\">\n<p data-start=\"4562\" data-end=\"4586\">application.properties<\/p>\n<\/li>\n<li data-start=\"4587\" data-end=\"4615\">\n<p data-start=\"4589\" data-end=\"4615\">YAML configuration files<\/p>\n<\/li>\n<li data-start=\"4616\" data-end=\"4636\">\n<p data-start=\"4618\" data-end=\"4636\">Git repositories<\/p>\n<\/li>\n<li data-start=\"4637\" data-end=\"4654\">\n<p data-start=\"4639\" data-end=\"4654\">Docker images<\/p>\n<\/li>\n<\/ul>\n<h3 data-start=\"4656\" data-end=\"4686\">Rotate Secrets Regularly<\/h3>\n<p data-start=\"4687\" data-end=\"4769\">Automate secret rotation using CI\/CD pipelines or cloud-native vault integrations.<\/p>\n<hr data-start=\"4771\" data-end=\"4774\" \/>\n<h1 data-start=\"4776\" data-end=\"4822\">6. Secure Container and Deployment Practices<\/h1>\n<h3 data-start=\"4824\" data-end=\"4869\">Minimize Container Image Attack Surface<\/h3>\n<ul data-start=\"4870\" data-end=\"4994\">\n<li data-start=\"4870\" data-end=\"4921\">\n<p data-start=\"4872\" data-end=\"4921\">Use slim base images (e.g., Alpine, distroless)<\/p>\n<\/li>\n<li data-start=\"4922\" data-end=\"4958\">\n<p data-start=\"4924\" data-end=\"4958\">Avoid running containers as root<\/p>\n<\/li>\n<li data-start=\"4959\" data-end=\"4994\">\n<p data-start=\"4961\" data-end=\"4994\">Scan images with Trivy or Clair<\/p>\n<\/li>\n<\/ul>\n<h3 data-start=\"4996\" data-end=\"5024\">Apply Network Policies<\/h3>\n<p data-start=\"5025\" data-end=\"5052\">If deploying to Kubernetes:<\/p>\n<ul data-start=\"5053\" data-end=\"5179\">\n<li data-start=\"5053\" data-end=\"5090\">\n<p data-start=\"5055\" data-end=\"5090\">Restrict pod-to-pod communication<\/p>\n<\/li>\n<li data-start=\"5091\" data-end=\"5115\">\n<p data-start=\"5093\" data-end=\"5115\">Limit egress traffic<\/p>\n<\/li>\n<li data-start=\"5116\" data-end=\"5179\">\n<p data-start=\"5118\" data-end=\"5179\">Implement mTLS through service meshes like Istio or Linkerd<\/p>\n<\/li>\n<\/ul>\n<h3 data-start=\"5181\" data-end=\"5212\">Use Read-Only Filesystems<\/h3>\n<p data-start=\"5213\" data-end=\"5272\">Prevent tampering by disabling write access where possible.<\/p>\n<hr data-start=\"5274\" data-end=\"5277\" \/>\n<h1 data-start=\"5279\" data-end=\"5328\">7. Implement Observability and Runtime Security<\/h1>\n<h3 data-start=\"5330\" data-end=\"5360\">Enable Security Auditing<\/h3>\n<p data-start=\"5361\" data-end=\"5367\">Track:<\/p>\n<ul data-start=\"5368\" data-end=\"5476\">\n<li data-start=\"5368\" data-end=\"5395\">\n<p data-start=\"5370\" data-end=\"5395\">Authentication attempts<\/p>\n<\/li>\n<li data-start=\"5396\" data-end=\"5422\">\n<p data-start=\"5398\" data-end=\"5422\">Authorization failures<\/p>\n<\/li>\n<li data-start=\"5423\" data-end=\"5448\">\n<p data-start=\"5425\" data-end=\"5448\">Configuration changes<\/p>\n<\/li>\n<li data-start=\"5449\" data-end=\"5476\">\n<p data-start=\"5451\" data-end=\"5476\">Suspicious API patterns<\/p>\n<\/li>\n<\/ul>\n<h3 data-start=\"5478\" data-end=\"5512\">Use Runtime Protection Tools<\/h3>\n<p data-start=\"5513\" data-end=\"5524\">Examples:<\/p>\n<ul data-start=\"5525\" data-end=\"5595\">\n<li data-start=\"5525\" data-end=\"5542\">\n<p data-start=\"5527\" data-end=\"5542\">AWS GuardDuty<\/p>\n<\/li>\n<li data-start=\"5543\" data-end=\"5570\">\n<p data-start=\"5545\" data-end=\"5570\">Aqua Runtime Protection<\/p>\n<\/li>\n<li data-start=\"5571\" data-end=\"5595\">\n<p data-start=\"5573\" data-end=\"5595\">Falco for Kubernetes<\/p>\n<\/li>\n<\/ul>\n<p data-start=\"5597\" data-end=\"5647\">Integrate alerts with Slack, email, or SIEM tools.<\/p>\n<hr data-start=\"5649\" data-end=\"5652\" \/>\n<h1 data-start=\"5654\" data-end=\"5700\">8. Add Automated Security to CI\/CD Pipelines<\/h1>\n<p data-start=\"5702\" data-end=\"5782\">Shift security left by integrating tools directly into the development pipeline.<\/p>\n<h3 data-start=\"5784\" data-end=\"5807\">Recommended Tools<\/h3>\n<ul data-start=\"5808\" data-end=\"6040\">\n<li data-start=\"5808\" data-end=\"5854\">\n<p data-start=\"5810\" data-end=\"5854\">Static Application Security Testing (SAST)<\/p>\n<\/li>\n<li data-start=\"5855\" data-end=\"5893\">\n<p data-start=\"5857\" data-end=\"5893\">Dynamic Application Testing (DAST)<\/p>\n<\/li>\n<li data-start=\"5894\" data-end=\"5956\">\n<p data-start=\"5896\" data-end=\"5956\">Infrastructure-as-Code scanning (Checkov, Terraform Cloud)<\/p>\n<\/li>\n<li data-start=\"5957\" data-end=\"5999\">\n<p data-start=\"5959\" data-end=\"5999\">Container image scanning before deploy<\/p>\n<\/li>\n<li data-start=\"6000\" data-end=\"6040\">\n<p data-start=\"6002\" data-end=\"6040\">Policy-as-code using OPA or Conftest<\/p>\n<\/li>\n<\/ul>\n<h3 data-start=\"6042\" data-end=\"6069\">Example Pipeline Checks<\/h3>\n<ul data-start=\"6070\" data-end=\"6207\">\n<li data-start=\"6070\" data-end=\"6103\">\n<p data-start=\"6072\" data-end=\"6103\">Dependency vulnerability scan<\/p>\n<\/li>\n<li data-start=\"6104\" data-end=\"6125\">\n<p data-start=\"6106\" data-end=\"6125\">Secrets detection<\/p>\n<\/li>\n<li data-start=\"6126\" data-end=\"6149\">\n<p data-start=\"6128\" data-end=\"6149\"><a href=\"https:\/\/harshad-sonawane.com\/blog\/technical-debt-assessment-legacy-java-systems\/\">Code quality<\/a> checks<\/p>\n<\/li>\n<li data-start=\"6150\" data-end=\"6172\">\n<p data-start=\"6152\" data-end=\"6172\">License compliance<\/p>\n<\/li>\n<li data-start=\"6173\" data-end=\"6207\">\n<p data-start=\"6175\" data-end=\"6207\">Container hardening validation<\/p>\n<\/li>\n<\/ul>\n<hr data-start=\"6209\" data-end=\"6212\" \/>\n<h1 data-start=\"6214\" data-end=\"6226\">Conclusion<\/h1>\n<p data-start=\"6228\" data-end=\"6607\">Modern cloud-native Java applications demand a holistic approach to security that begins at the code level and extends throughout deployment and operations. By integrating secure coding practices\u2014covering authentication, encryption, dependency hygiene, secrets management, API protection, and runtime security\u2014you build applications that are resilient, scalable, and trustworthy.<\/p>\n<p data-start=\"6609\" data-end=\"6720\">Security is not a one-time effort but a continuous discipline embedded into the software development lifecycle.<\/p>\n<hr data-start=\"6722\" data-end=\"6725\" \/>\n<h1 data-start=\"6727\" data-end=\"6765\">References (Official External Links)<\/h1>\n<ul data-start=\"6767\" data-end=\"7026\">\n<li data-start=\"6767\" data-end=\"6830\">\n<p data-start=\"6769\" data-end=\"6830\"><a data-start=\"6769\" data-end=\"6828\" rel=\"noopener\" target=\"_new\" class=\"decorated-link\" href=\"https:\/\/docs.spring.io\/spring-security\/reference\/index.html\">https:\/\/docs.spring.io\/spring-security\/reference\/index.html<span aria-hidden=\"true\" class=\"ms-0.5 inline-block align-middle leading-none\"><svg width=\"20\" height=\"20\" viewbox=\"0 0 20 20\" fill=\"currentColor\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" data-rtl-flip=\"\" class=\"block h-[0.75em] w-[0.75em] stroke-current stroke-[0.75]\"><path d=\"M14.3349 13.3301V6.60645L5.47065 15.4707C5.21095 15.7304 4.78895 15.7304 4.52925 15.4707C4.26955 15.211 4.26955 14.789 4.52925 14.5293L13.3935 5.66504H6.66011C6.29284 5.66504 5.99507 5.36727 5.99507 5C5.99507 4.63273 6.29284 4.33496 6.66011 4.33496H14.9999L15.1337 4.34863C15.4369 4.41057 15.665 4.67857 15.665 5V13.3301C15.6649 13.6973 15.3672 13.9951 14.9999 13.9951C14.6327 13.9951 14.335 13.6973 14.3349 13.3301Z\"><\/path><\/svg><\/span><\/a><\/p>\n<\/li>\n<li data-start=\"6831\" data-end=\"6870\">\n<p data-start=\"6833\" data-end=\"6870\"><a data-start=\"6833\" data-end=\"6868\" rel=\"noopener\" target=\"_new\" class=\"decorated-link\" href=\"https:\/\/cheatsheetseries.owasp.org\/\">https:\/\/cheatsheetseries.owasp.org\/<span aria-hidden=\"true\" class=\"ms-0.5 inline-block align-middle leading-none\"><svg width=\"20\" height=\"20\" viewbox=\"0 0 20 20\" fill=\"currentColor\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" data-rtl-flip=\"\" class=\"block h-[0.75em] w-[0.75em] stroke-current stroke-[0.75]\"><path d=\"M14.3349 13.3301V6.60645L5.47065 15.4707C5.21095 15.7304 4.78895 15.7304 4.52925 15.4707C4.26955 15.211 4.26955 14.789 4.52925 14.5293L13.3935 5.66504H6.66011C6.29284 5.66504 5.99507 5.36727 5.99507 5C5.99507 4.63273 6.29284 4.33496 6.66011 4.33496H14.9999L15.1337 4.34863C15.4369 4.41057 15.665 4.67857 15.665 5V13.3301C15.6649 13.6973 15.3672 13.9951 14.9999 13.9951C14.6327 13.9951 14.335 13.6973 14.3349 13.3301Z\"><\/path><\/svg><\/span><\/a><\/p>\n<\/li>\n<li data-start=\"6871\" data-end=\"6939\">\n<p data-start=\"6873\" data-end=\"6939\"><a data-start=\"6873\" data-end=\"6937\" rel=\"noopener\" target=\"_new\" class=\"decorated-link\" href=\"https:\/\/docs.oracle.com\/javase\/8\/docs\/technotes\/guides\/security\/\">https:\/\/docs.oracle.com\/javase\/8\/docs\/technotes\/guides\/security\/<span aria-hidden=\"true\" class=\"ms-0.5 inline-block align-middle leading-none\"><svg width=\"20\" height=\"20\" viewbox=\"0 0 20 20\" fill=\"currentColor\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" data-rtl-flip=\"\" class=\"block h-[0.75em] w-[0.75em] stroke-current stroke-[0.75]\"><path d=\"M14.3349 13.3301V6.60645L5.47065 15.4707C5.21095 15.7304 4.78895 15.7304 4.52925 15.4707C4.26955 15.211 4.26955 14.789 4.52925 14.5293L13.3935 5.66504H6.66011C6.29284 5.66504 5.99507 5.36727 5.99507 5C5.99507 4.63273 6.29284 4.33496 6.66011 4.33496H14.9999L15.1337 4.34863C15.4369 4.41057 15.665 4.67857 15.665 5V13.3301C15.6649 13.6973 15.3672 13.9951 14.9999 13.9951C14.6327 13.9951 14.335 13.6973 14.3349 13.3301Z\"><\/path><\/svg><\/span><\/a><\/p>\n<\/li>\n<li data-start=\"6940\" data-end=\"6989\">\n<p data-start=\"6942\" data-end=\"6989\"><a data-start=\"6942\" data-end=\"6987\" rel=\"noopener\" target=\"_new\" class=\"decorated-link\" href=\"https:\/\/kubernetes.io\/docs\/concepts\/security\/\">https:\/\/kubernetes.io\/docs\/concepts\/security\/<span aria-hidden=\"true\" class=\"ms-0.5 inline-block align-middle leading-none\"><svg width=\"20\" height=\"20\" viewbox=\"0 0 20 20\" fill=\"currentColor\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" data-rtl-flip=\"\" class=\"block h-[0.75em] w-[0.75em] stroke-current stroke-[0.75]\"><path d=\"M14.3349 13.3301V6.60645L5.47065 15.4707C5.21095 15.7304 4.78895 15.7304 4.52925 15.4707C4.26955 15.211 4.26955 14.789 4.52925 14.5293L13.3935 5.66504H6.66011C6.29284 5.66504 5.99507 5.36727 5.99507 5C5.99507 4.63273 6.29284 4.33496 6.66011 4.33496H14.9999L15.1337 4.34863C15.4369 4.41057 15.665 4.67857 15.665 5V13.3301C15.6649 13.6973 15.3672 13.9951 14.9999 13.9951C14.6327 13.9951 14.335 13.6973 14.3349 13.3301Z\"><\/path><\/svg><\/span><\/a><\/p>\n<\/li>\n<li data-start=\"6990\" data-end=\"7026\">\n<p data-start=\"6992\" data-end=\"7026\"><a data-start=\"6992\" data-end=\"7024\" rel=\"noopener\" target=\"_new\" class=\"decorated-link\" href=\"https:\/\/aws.amazon.com\/security\/\">https:\/\/aws.amazon.com\/security\/<\/a><\/p>\n<\/li>\n<\/ul>\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p class=\"o-typing-delay-100ms ticss-27f7e3e9\"><o-anim-typing>&lt;> <strong>&#8220;Happy developing, one line at a time!&#8221;<\/strong> &lt;\/><\/o-anim-typing><\/p>\n","protected":false},"excerpt":{"rendered":"<p>As organizations continue to modernize applications using microservices, containers, and managed cloud services, the attack surface expands significantly. Cloud-native Java applications\u2014running on platforms such as Kubernetes, AWS, Azure, and GCP\u2014must embed security directly into the development lifecycle rather than bolting it on later. Secure coding is not just about preventing [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":329,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_themeisle_gutenberg_block_has_review":false,"footnotes":"","jetpack_publicize_message":"Published a deep-dive guide on Secure Code Practices in Java for Cloud-Native Applications.\nIt covers authentication, API security, secrets management, dependency safety, container hardening, and DevSecOps essentials\u2014designed specifically for modern microservice architectures.","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[113],"tags":[],"class_list":["post-328","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-java-spring-boot-aws-microservices"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Secure Code Practices in Java for Cloud-Native Applications - &lt;&gt;HARSHAD&#039;s Dev Diary&lt;\/&gt;<\/title>\n<meta name=\"description\" content=\"A complete guide to secure code practices in Java for cloud-native applications. Learn how to protect APIs, secure dependencies, manage secrets, enforce authentication, and strengthen container and deployment security.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/harshad-sonawane.com\/blog\/secure-code-practices-java-cloud-native-applications\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Secure Code Practices in Java for Cloud-Native Applications - &lt;&gt;HARSHAD&#039;s Dev Diary&lt;\/&gt;\" \/>\n<meta property=\"og:description\" content=\"A complete guide to secure code practices in Java for cloud-native applications. Learn how to protect APIs, secure dependencies, manage secrets, enforce authentication, and strengthen container and deployment security.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/harshad-sonawane.com\/blog\/secure-code-practices-java-cloud-native-applications\/\" \/>\n<meta property=\"og:site_name\" content=\"&lt;&gt;HARSHAD&#039;s Dev Diary&lt;\/&gt;\" \/>\n<meta property=\"article:published_time\" content=\"2025-12-06T05:55:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/harshad-sonawane.com\/blog\/wp-content\/uploads\/2025\/11\/ChatGPT-Image-Nov-15-2025-10_57_04-PM.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1024\" \/>\n\t<meta property=\"og:image:height\" content=\"1024\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"HS\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"HS\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":[\"Article\",\"BlogPosting\"],\"@id\":\"https:\\\/\\\/harshad-sonawane.com\\\/blog\\\/secure-code-practices-java-cloud-native-applications\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/harshad-sonawane.com\\\/blog\\\/secure-code-practices-java-cloud-native-applications\\\/\"},\"author\":{\"name\":\"HS\",\"@id\":\"https:\\\/\\\/harshad-sonawane.com\\\/blog\\\/#\\\/schema\\\/person\\\/d82781218ba30c34fa81b49e8393681e\"},\"headline\":\"Secure Code Practices in Java for Cloud-Native Applications\",\"datePublished\":\"2025-12-06T05:55:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/harshad-sonawane.com\\\/blog\\\/secure-code-practices-java-cloud-native-applications\\\/\"},\"wordCount\":821,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/harshad-sonawane.com\\\/blog\\\/#\\\/schema\\\/person\\\/d82781218ba30c34fa81b49e8393681e\"},\"image\":{\"@id\":\"https:\\\/\\\/harshad-sonawane.com\\\/blog\\\/secure-code-practices-java-cloud-native-applications\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/harshad-sonawane.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/11\\\/ChatGPT-Image-Nov-15-2025-10_57_04-PM.png\",\"articleSection\":[\"Java, Spring Boot, AWS, Microservices\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/harshad-sonawane.com\\\/blog\\\/secure-code-practices-java-cloud-native-applications\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/harshad-sonawane.com\\\/blog\\\/secure-code-practices-java-cloud-native-applications\\\/\",\"url\":\"https:\\\/\\\/harshad-sonawane.com\\\/blog\\\/secure-code-practices-java-cloud-native-applications\\\/\",\"name\":\"Secure Code Practices in Java for Cloud-Native Applications - &lt;&gt;HARSHAD&#039;s Dev Diary&lt;\\\/&gt;\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/harshad-sonawane.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/harshad-sonawane.com\\\/blog\\\/secure-code-practices-java-cloud-native-applications\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/harshad-sonawane.com\\\/blog\\\/secure-code-practices-java-cloud-native-applications\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/harshad-sonawane.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/11\\\/ChatGPT-Image-Nov-15-2025-10_57_04-PM.png\",\"datePublished\":\"2025-12-06T05:55:00+00:00\",\"description\":\"A complete guide to secure code practices in Java for cloud-native applications. Learn how to protect APIs, secure dependencies, manage secrets, enforce authentication, and strengthen container and deployment security.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/harshad-sonawane.com\\\/blog\\\/secure-code-practices-java-cloud-native-applications\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/harshad-sonawane.com\\\/blog\\\/secure-code-practices-java-cloud-native-applications\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/harshad-sonawane.com\\\/blog\\\/secure-code-practices-java-cloud-native-applications\\\/#primaryimage\",\"url\":\"https:\\\/\\\/harshad-sonawane.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/11\\\/ChatGPT-Image-Nov-15-2025-10_57_04-PM.png\",\"contentUrl\":\"https:\\\/\\\/harshad-sonawane.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/11\\\/ChatGPT-Image-Nov-15-2025-10_57_04-PM.png\",\"width\":1024,\"height\":1024,\"caption\":\"Secure Code Practices in Java for Cloud-Native Applications\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/harshad-sonawane.com\\\/blog\\\/secure-code-practices-java-cloud-native-applications\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/harshad-sonawane.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Secure Code Practices in Java for Cloud-Native Applications\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/harshad-sonawane.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/harshad-sonawane.com\\\/blog\\\/\",\"name\":\"Harshad's Dev Diary\",\"description\":\"HARSHAD&#039;s Dev Diary\",\"publisher\":{\"@id\":\"https:\\\/\\\/harshad-sonawane.com\\\/blog\\\/#\\\/schema\\\/person\\\/d82781218ba30c34fa81b49e8393681e\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/harshad-sonawane.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\\\/\\\/harshad-sonawane.com\\\/blog\\\/#\\\/schema\\\/person\\\/d82781218ba30c34fa81b49e8393681e\",\"name\":\"HS\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/harshad-sonawane.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/02\\\/about.jpg\",\"url\":\"https:\\\/\\\/harshad-sonawane.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/02\\\/about.jpg\",\"contentUrl\":\"https:\\\/\\\/harshad-sonawane.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/02\\\/about.jpg\",\"width\":400,\"height\":400,\"caption\":\"HS\"},\"logo\":{\"@id\":\"https:\\\/\\\/harshad-sonawane.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/02\\\/about.jpg\"},\"sameAs\":[\"https:\\\/\\\/harshad-sonawane.com\\\/blog\"],\"url\":\"https:\\\/\\\/harshad-sonawane.com\\\/blog\\\/author\\\/admin\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Secure Code Practices in Java for Cloud-Native Applications - &lt;&gt;HARSHAD&#039;s Dev Diary&lt;\/&gt;","description":"A complete guide to secure code practices in Java for cloud-native applications. Learn how to protect APIs, secure dependencies, manage secrets, enforce authentication, and strengthen container and deployment security.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/harshad-sonawane.com\/blog\/secure-code-practices-java-cloud-native-applications\/","og_locale":"en_US","og_type":"article","og_title":"Secure Code Practices in Java for Cloud-Native Applications - &lt;&gt;HARSHAD&#039;s Dev Diary&lt;\/&gt;","og_description":"A complete guide to secure code practices in Java for cloud-native applications. Learn how to protect APIs, secure dependencies, manage secrets, enforce authentication, and strengthen container and deployment security.","og_url":"https:\/\/harshad-sonawane.com\/blog\/secure-code-practices-java-cloud-native-applications\/","og_site_name":"&lt;&gt;HARSHAD&#039;s Dev Diary&lt;\/&gt;","article_published_time":"2025-12-06T05:55:00+00:00","og_image":[{"width":1024,"height":1024,"url":"https:\/\/harshad-sonawane.com\/blog\/wp-content\/uploads\/2025\/11\/ChatGPT-Image-Nov-15-2025-10_57_04-PM.png","type":"image\/png"}],"author":"HS","twitter_card":"summary_large_image","twitter_misc":{"Written by":"HS","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":["Article","BlogPosting"],"@id":"https:\/\/harshad-sonawane.com\/blog\/secure-code-practices-java-cloud-native-applications\/#article","isPartOf":{"@id":"https:\/\/harshad-sonawane.com\/blog\/secure-code-practices-java-cloud-native-applications\/"},"author":{"name":"HS","@id":"https:\/\/harshad-sonawane.com\/blog\/#\/schema\/person\/d82781218ba30c34fa81b49e8393681e"},"headline":"Secure Code Practices in Java for Cloud-Native Applications","datePublished":"2025-12-06T05:55:00+00:00","mainEntityOfPage":{"@id":"https:\/\/harshad-sonawane.com\/blog\/secure-code-practices-java-cloud-native-applications\/"},"wordCount":821,"commentCount":0,"publisher":{"@id":"https:\/\/harshad-sonawane.com\/blog\/#\/schema\/person\/d82781218ba30c34fa81b49e8393681e"},"image":{"@id":"https:\/\/harshad-sonawane.com\/blog\/secure-code-practices-java-cloud-native-applications\/#primaryimage"},"thumbnailUrl":"https:\/\/harshad-sonawane.com\/blog\/wp-content\/uploads\/2025\/11\/ChatGPT-Image-Nov-15-2025-10_57_04-PM.png","articleSection":["Java, Spring Boot, AWS, Microservices"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/harshad-sonawane.com\/blog\/secure-code-practices-java-cloud-native-applications\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/harshad-sonawane.com\/blog\/secure-code-practices-java-cloud-native-applications\/","url":"https:\/\/harshad-sonawane.com\/blog\/secure-code-practices-java-cloud-native-applications\/","name":"Secure Code Practices in Java for Cloud-Native Applications - &lt;&gt;HARSHAD&#039;s Dev Diary&lt;\/&gt;","isPartOf":{"@id":"https:\/\/harshad-sonawane.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/harshad-sonawane.com\/blog\/secure-code-practices-java-cloud-native-applications\/#primaryimage"},"image":{"@id":"https:\/\/harshad-sonawane.com\/blog\/secure-code-practices-java-cloud-native-applications\/#primaryimage"},"thumbnailUrl":"https:\/\/harshad-sonawane.com\/blog\/wp-content\/uploads\/2025\/11\/ChatGPT-Image-Nov-15-2025-10_57_04-PM.png","datePublished":"2025-12-06T05:55:00+00:00","description":"A complete guide to secure code practices in Java for cloud-native applications. Learn how to protect APIs, secure dependencies, manage secrets, enforce authentication, and strengthen container and deployment security.","breadcrumb":{"@id":"https:\/\/harshad-sonawane.com\/blog\/secure-code-practices-java-cloud-native-applications\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/harshad-sonawane.com\/blog\/secure-code-practices-java-cloud-native-applications\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/harshad-sonawane.com\/blog\/secure-code-practices-java-cloud-native-applications\/#primaryimage","url":"https:\/\/harshad-sonawane.com\/blog\/wp-content\/uploads\/2025\/11\/ChatGPT-Image-Nov-15-2025-10_57_04-PM.png","contentUrl":"https:\/\/harshad-sonawane.com\/blog\/wp-content\/uploads\/2025\/11\/ChatGPT-Image-Nov-15-2025-10_57_04-PM.png","width":1024,"height":1024,"caption":"Secure Code Practices in Java for Cloud-Native Applications"},{"@type":"BreadcrumbList","@id":"https:\/\/harshad-sonawane.com\/blog\/secure-code-practices-java-cloud-native-applications\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/harshad-sonawane.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Secure Code Practices in Java for Cloud-Native Applications"}]},{"@type":"WebSite","@id":"https:\/\/harshad-sonawane.com\/blog\/#website","url":"https:\/\/harshad-sonawane.com\/blog\/","name":"Harshad's Dev Diary","description":"HARSHAD&#039;s Dev Diary","publisher":{"@id":"https:\/\/harshad-sonawane.com\/blog\/#\/schema\/person\/d82781218ba30c34fa81b49e8393681e"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/harshad-sonawane.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/harshad-sonawane.com\/blog\/#\/schema\/person\/d82781218ba30c34fa81b49e8393681e","name":"HS","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/harshad-sonawane.com\/blog\/wp-content\/uploads\/2025\/02\/about.jpg","url":"https:\/\/harshad-sonawane.com\/blog\/wp-content\/uploads\/2025\/02\/about.jpg","contentUrl":"https:\/\/harshad-sonawane.com\/blog\/wp-content\/uploads\/2025\/02\/about.jpg","width":400,"height":400,"caption":"HS"},"logo":{"@id":"https:\/\/harshad-sonawane.com\/blog\/wp-content\/uploads\/2025\/02\/about.jpg"},"sameAs":["https:\/\/harshad-sonawane.com\/blog"],"url":"https:\/\/harshad-sonawane.com\/blog\/author\/admin\/"}]}},"jetpack_publicize_connections":[],"_links":{"self":[{"href":"https:\/\/harshad-sonawane.com\/blog\/wp-json\/wp\/v2\/posts\/328","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/harshad-sonawane.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/harshad-sonawane.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/harshad-sonawane.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/harshad-sonawane.com\/blog\/wp-json\/wp\/v2\/comments?post=328"}],"version-history":[{"count":5,"href":"https:\/\/harshad-sonawane.com\/blog\/wp-json\/wp\/v2\/posts\/328\/revisions"}],"predecessor-version":[{"id":337,"href":"https:\/\/harshad-sonawane.com\/blog\/wp-json\/wp\/v2\/posts\/328\/revisions\/337"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/harshad-sonawane.com\/blog\/wp-json\/wp\/v2\/media\/329"}],"wp:attachment":[{"href":"https:\/\/harshad-sonawane.com\/blog\/wp-json\/wp\/v2\/media?parent=328"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/harshad-sonawane.com\/blog\/wp-json\/wp\/v2\/categories?post=328"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/harshad-sonawane.com\/blog\/wp-json\/wp\/v2\/tags?post=328"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}