{"id":32462,"date":"2025-03-18T17:51:17","date_gmt":"2025-03-18T16:51:17","guid":{"rendered":"https:\/\/www.codemotion.com\/magazine\/?p=32462"},"modified":"2025-03-18T17:51:19","modified_gmt":"2025-03-18T16:51:19","slug":"codice-sicuro-java-parte-3","status":"publish","type":"post","link":"https:\/\/www.codemotion.com\/magazine\/it\/cybersecurity-it\/codice-sicuro-java-parte-3\/","title":{"rendered":"Writing secure code: the essential guide for Java developers \u2013 Part 3"},"content":{"rendered":"\n<p>Application security does not depend only on strong passwords and advanced encryption. If an attack occurs and goes undetected, it can cause extensive damage before anyone notices. <strong>Logging and monitoring are essential for identifying and responding to cyberattacks.<\/strong><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-1-perche-il-logging-e-il-monitoring-sono-fondamentali\"><strong>1. Why are logging and monitoring essential?<\/strong><\/h3>\n\n\n\n<p>Without a good logging and monitoring system, attacks can go unnoticed for weeks or months. Some cases in which correct logging is indispensable:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Repeated failed login attempts<\/strong>: brute-force attacks on user accounts<\/li>\n\n\n\n<li><strong>Privilege anomalies<\/strong>: a user obtains administrative access in a suspicious way<\/li>\n\n\n\n<li><strong>Access from unusual IPs<\/strong>: a user based in Italy who connects from China without a VPN<\/li>\n\n\n\n<li><strong>SQL injection and XSS attacks:<\/strong> detectable through recurring patterns in the logs of user input<\/li>\n<\/ul>\n\n\n\n<p>A <a href=\"https:\/\/www.codemotion.com\/magazine\/it\/cybersecurity-it\/crowdstrike-e-altri-disastri-tecnologici\/\" target=\"_blank\" rel=\"noreferrer noopener\">real-world case is that of <strong>Equifax (2017)<\/strong><\/a>, in which an attack 
went undetected for months because of the lack of an effective logging and monitoring system.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-2-errori-comuni-nel-logging-e-monitoring\"><strong>2. Common logging and monitoring mistakes<\/strong><\/h3>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-2-1-non-loggare-eventi-critici\"><strong>2.1 Not logging critical events<\/strong><\/h4>\n\n\n\n<p>A common mistake is failing to record important events, such as repeated failed logins or permission changes.<\/p>\n\n\n\n<h5 class=\"wp-block-heading\" id=\"h-esempio-di-codice-vulnerabile\"><strong>Example of vulnerable code:<\/strong><\/h5>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-1\" data-shcb-language-name=\"JavaScript\" data-shcb-language-slug=\"javascript\"><span><code class=\"hljs language-javascript\">public <span class=\"hljs-keyword\">void<\/span> login(<span class=\"hljs-built_in\">String<\/span> username, <span class=\"hljs-built_in\">String<\/span> password) {\n    User user = userService.authenticate(username, password);\n    <span class=\"hljs-keyword\">if<\/span> (user == <span class=\"hljs-literal\">null<\/span>) {\n        <span class=\"hljs-comment\">\/\/ No log for the failed login<\/span>\n        <span class=\"hljs-keyword\">return<\/span>;\n    }\n    <span class=\"hljs-comment\">\/\/ Login succeeded<\/span>\n}<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-1\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">JavaScript<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">javascript<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<h5 class=\"wp-block-heading\" id=\"h-soluzione-corretta-con-logging-adeguato\"><strong>Correct solution with adequate logging:<\/strong><\/h5>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-2\" 
data-shcb-language-name=\"JavaScript\" data-shcb-language-slug=\"javascript\"><span><code class=\"hljs language-javascript\"><span class=\"hljs-keyword\">import<\/span> org.slf4j.Logger;\n<span class=\"hljs-keyword\">import<\/span> org.slf4j.LoggerFactory;\n\npublic <span class=\"hljs-class\"><span class=\"hljs-keyword\">class<\/span> <span class=\"hljs-title\">AuthService<\/span> <\/span>{\n    private <span class=\"hljs-keyword\">static<\/span> final Logger logger = LoggerFactory.getLogger(AuthService.class);\n\n    public <span class=\"hljs-keyword\">void<\/span> login(<span class=\"hljs-built_in\">String<\/span> username, <span class=\"hljs-built_in\">String<\/span> password) {\n        User user = userService.authenticate(username, password);\n        <span class=\"hljs-keyword\">if<\/span> (user == <span class=\"hljs-literal\">null<\/span>) {\n            logger.warn(<span class=\"hljs-string\">\"Tentativo di accesso fallito per l'utente: {}\"<\/span>, username);\n            <span class=\"hljs-keyword\">return<\/span>;\n        }\n        logger.info(<span class=\"hljs-string\">\"Accesso riuscito per l'utente: {}\"<\/span>, username);\n    }\n}<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-2\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">JavaScript<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">javascript<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<h4 class=\"wp-block-heading\" id=\"h-2-2-loggare-informazioni-sensibili\"><strong>2.2 Logging sensitive information<\/strong><\/h4>\n\n\n\n<p>Logging judiciously means recording only the information needed to detect and diagnose security anomalies without compromising user privacy or exposing sensitive data. 
<strong>Excessive logging can lead to compliance problems<\/strong> (GDPR, PCI-DSS) and increase the risk of data breaches, while insufficient logging can make it hard to spot attacks or suspicious activity. It is essential to avoid logging information such as passwords, session tokens, credit card numbers or personal data, and to log only non-sensitive identifiers and details useful for debugging and security auditing.<\/p>\n\n\n\n<h5 class=\"wp-block-heading\" id=\"h-esempio-di-cattivo-logging\"><strong>Example of bad logging:<\/strong><\/h5>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-3\" data-shcb-language-name=\"CSS\" data-shcb-language-slug=\"css\"><span><code class=\"hljs language-css\"><span class=\"hljs-selector-tag\">logger<\/span><span class=\"hljs-selector-class\">.info<\/span>(\"<span class=\"hljs-selector-tag\">Utente<\/span> {} <span class=\"hljs-selector-tag\">ha<\/span> <span class=\"hljs-selector-tag\">effettuato<\/span> <span class=\"hljs-selector-tag\">il<\/span> <span class=\"hljs-selector-tag\">login<\/span> <span class=\"hljs-selector-tag\">con<\/span> <span class=\"hljs-selector-tag\">password<\/span> {}\", <span class=\"hljs-selector-tag\">username<\/span>, <span class=\"hljs-selector-tag\">password<\/span>);<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-3\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">CSS<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">css<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<h5 class=\"wp-block-heading\" id=\"h-soluzione-sicura\"><strong>Secure solution:<\/strong><\/h5>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-4\" data-shcb-language-name=\"CSS\" data-shcb-language-slug=\"css\"><span><code class=\"hljs language-css\"><span 
class=\"hljs-selector-tag\">logger<\/span><span class=\"hljs-selector-class\">.info<\/span>(\"<span class=\"hljs-selector-tag\">Utente<\/span> {} <span class=\"hljs-selector-tag\">ha<\/span> <span class=\"hljs-selector-tag\">effettuato<\/span> <span class=\"hljs-selector-tag\">il<\/span> <span class=\"hljs-selector-tag\">login<\/span>\", <span class=\"hljs-selector-tag\">username<\/span>);<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-4\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">CSS<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">css<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<h4 class=\"wp-block-heading\" id=\"h-2-3-log-non-protetti\"><strong>2.3 Unprotected logs<\/strong><\/h4>\n\n\n\n<p>Unprotected logs can be a target for attackers who want to alter or erase traces of malicious activity. It is essential to store them in secure locations, restrict access, and use digital signatures or hashing to guarantee their integrity, thereby preventing unauthorized tampering.<\/p>\n\n\n\n<h5 class=\"wp-block-heading\" id=\"h-best-practices-per-la-protezione-dei-log\"><strong>Best practices for protecting logs:<\/strong><\/h5>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Store logs in protected directories<\/strong> with appropriate permissions.<\/li>\n\n\n\n<li><strong>Do not store logs locally<\/strong> on machines that can be compromised; send them to a centralized server (ELK Stack, Splunk, Graylog).<\/li>\n\n\n\n<li><strong>Use digital signatures<\/strong> to prevent modification of the logs.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-2-4-assenza-di-monitoraggio-e-alerting\"><strong>2.4 Lack of monitoring and alerting<\/strong><\/h4>\n\n\n\n<p>A complete lack of log monitoring makes it impossible to detect and respond promptly to 
security incidents. Without activity traces, or without anyone monitoring the logs, intrusions can go unnoticed for months, compromising data and systems with no possibility of forensic analysis or effective mitigation.<\/p>\n\n\n\n<h5 class=\"wp-block-heading\" id=\"h-strumenti-consigliati\"><strong>Recommended tools:<\/strong><\/h5>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>SIEM (Security Information and Event Management)<\/strong> to analyze logs in real time.<\/li>\n\n\n\n<li><strong>Prometheus + Grafana<\/strong> to monitor anomalous activity.<\/li>\n\n\n\n<li><strong>Email\/SMS alerting<\/strong> to notify the people responsible when suspicious activity occurs.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-3-implementazione-sicura-del-logging-in-java\"><strong>3. Secure logging implementation in Java<\/strong><\/h3>\n\n\n\n<p>A secure logging implementation in Java requires reliable frameworks such as Logback or SLF4J, configured to exclude sensitive data and write logs to protected locations. 
It is advisable to set appropriate log levels, use encryption for sensitive data when necessary, and apply access controls to prevent unauthorized tampering.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-3-1-configurare-logback-in-modo-sicuro\"><strong>3.1 Configuring Logback securely<\/strong><\/h4>\n\n\n\n<p>In the <code>logback.xml<\/code> file, avoid logging sensitive data and set appropriate severity levels:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-5\" data-shcb-language-name=\"HTML, XML\" data-shcb-language-slug=\"xml\"><span><code class=\"hljs language-xml\"><span class=\"hljs-tag\">&lt;<span class=\"hljs-name\">configuration<\/span>&gt;<\/span>\n    <span class=\"hljs-tag\">&lt;<span class=\"hljs-name\">appender<\/span> <span class=\"hljs-attr\">name<\/span>=<span class=\"hljs-string\">\"FILE\"<\/span> <span class=\"hljs-attr\">class<\/span>=<span class=\"hljs-string\">\"ch.qos.logback.core.rolling.RollingFileAppender\"<\/span>&gt;<\/span>\n        <span class=\"hljs-tag\">&lt;<span class=\"hljs-name\">file<\/span>&gt;<\/span>logs\/security.log<span class=\"hljs-tag\">&lt;\/<span class=\"hljs-name\">file<\/span>&gt;<\/span>\n        <span class=\"hljs-tag\">&lt;<span class=\"hljs-name\">rollingPolicy<\/span> <span class=\"hljs-attr\">class<\/span>=<span class=\"hljs-string\">\"ch.qos.logback.core.rolling.TimeBasedRollingPolicy\"<\/span>&gt;<\/span>\n            <span class=\"hljs-tag\">&lt;<span class=\"hljs-name\">fileNamePattern<\/span>&gt;<\/span>logs\/security-%d{yyyy-MM-dd}.log<span class=\"hljs-tag\">&lt;\/<span class=\"hljs-name\">fileNamePattern<\/span>&gt;<\/span>\n            <span class=\"hljs-tag\">&lt;<span class=\"hljs-name\">maxHistory<\/span>&gt;<\/span>30<span class=\"hljs-tag\">&lt;\/<span class=\"hljs-name\">maxHistory<\/span>&gt;<\/span>\n        <span class=\"hljs-tag\">&lt;\/<span class=\"hljs-name\">rollingPolicy<\/span>&gt;<\/span>\n        <span 
class=\"hljs-tag\">&lt;<span class=\"hljs-name\">encoder<\/span>&gt;<\/span>\n            <span class=\"hljs-tag\">&lt;<span class=\"hljs-name\">pattern<\/span>&gt;<\/span>%d{yyyy-MM-dd HH:mm:ss} - %level - %msg%n<span class=\"hljs-tag\">&lt;\/<span class=\"hljs-name\">pattern<\/span>&gt;<\/span>\n        <span class=\"hljs-tag\">&lt;\/<span class=\"hljs-name\">encoder<\/span>&gt;<\/span>\n    <span class=\"hljs-tag\">&lt;\/<span class=\"hljs-name\">appender<\/span>&gt;<\/span>\n    \n    <span class=\"hljs-tag\">&lt;<span class=\"hljs-name\">logger<\/span> <span class=\"hljs-attr\">name<\/span>=<span class=\"hljs-string\">\"com.myapp.security\"<\/span> <span class=\"hljs-attr\">level<\/span>=<span class=\"hljs-string\">\"WARN\"<\/span> <span class=\"hljs-attr\">additivity<\/span>=<span class=\"hljs-string\">\"false\"<\/span>&gt;<\/span>\n        <span class=\"hljs-tag\">&lt;<span class=\"hljs-name\">appender-ref<\/span> <span class=\"hljs-attr\">ref<\/span>=<span class=\"hljs-string\">\"FILE\"<\/span> \/&gt;<\/span>\n    <span class=\"hljs-tag\">&lt;\/<span class=\"hljs-name\">logger<\/span>&gt;<\/span>\n<span class=\"hljs-tag\">&lt;\/<span class=\"hljs-name\">configuration<\/span>&gt;<\/span><\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-5\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">HTML, XML<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">xml<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<h4 class=\"wp-block-heading\" id=\"h-3-2-configurare-alerting-su-eventi-critici\"><strong>3.2 Configuring alerting on critical events<\/strong><\/h4>\n\n\n\n<p>With Logback you can send email notifications on security events:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-6\" data-shcb-language-name=\"HTML, XML\" data-shcb-language-slug=\"xml\"><span><code class=\"hljs language-xml\"><span 
class=\"hljs-tag\">&lt;<span class=\"hljs-name\">appender<\/span> <span class=\"hljs-attr\">name<\/span>=<span class=\"hljs-string\">\"EMAIL\"<\/span> <span class=\"hljs-attr\">class<\/span>=<span class=\"hljs-string\">\"ch.qos.logback.classic.net.SMTPAppender\"<\/span>&gt;<\/span>\n    <span class=\"hljs-tag\">&lt;<span class=\"hljs-name\">SMTPHost<\/span>&gt;<\/span>smtp.miodominio.com<span class=\"hljs-tag\">&lt;\/<span class=\"hljs-name\">SMTPHost<\/span>&gt;<\/span>\n    <span class=\"hljs-tag\">&lt;<span class=\"hljs-name\">To<\/span>&gt;<\/span>security-team@miodominio.com<span class=\"hljs-tag\">&lt;\/<span class=\"hljs-name\">To<\/span>&gt;<\/span>\n    <span class=\"hljs-tag\">&lt;<span class=\"hljs-name\">From<\/span>&gt;<\/span>no-reply@miodominio.com<span class=\"hljs-tag\">&lt;\/<span class=\"hljs-name\">From<\/span>&gt;<\/span>\n    <span class=\"hljs-tag\">&lt;<span class=\"hljs-name\">Subject<\/span>&gt;<\/span>&#91;ALERT] Evento di Sicurezza Rilevato<span class=\"hljs-tag\">&lt;\/<span class=\"hljs-name\">Subject<\/span>&gt;<\/span>\n    <span class=\"hljs-tag\">&lt;<span class=\"hljs-name\">layout<\/span> <span class=\"hljs-attr\">class<\/span>=<span class=\"hljs-string\">\"ch.qos.logback.classic.PatternLayout\"<\/span>&gt;<\/span>\n        <span class=\"hljs-tag\">&lt;<span class=\"hljs-name\">pattern<\/span>&gt;<\/span>%d{yyyy-MM-dd HH:mm:ss} - %level - %msg%n<span class=\"hljs-tag\">&lt;\/<span class=\"hljs-name\">pattern<\/span>&gt;<\/span>\n    <span class=\"hljs-tag\">&lt;\/<span class=\"hljs-name\">layout<\/span>&gt;<\/span>\n<span class=\"hljs-tag\">&lt;\/<span class=\"hljs-name\">appender<\/span>&gt;<\/span><\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-6\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">HTML, XML<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">xml<\/span><span 
class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<h3 class=\"wp-block-heading\"><strong>4. Conclusion<\/strong><\/h3>\n\n\n\n<p>A good logging and monitoring system in Java can prevent cyberattacks and minimize the damage in the event of a breach. To keep your application secure:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Log critical events.<\/li>\n\n\n\n<li>Protect logs from unauthorized access.<\/li>\n\n\n\n<li>Do not record sensitive data in logs.<\/li>\n\n\n\n<li>Implement alerts and monitoring tools.<\/li>\n<\/ul>\n\n\n\n<p>By following these best practices, you will be able to identify and respond quickly to threats, protecting your users and your infrastructure.<\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Application security does not depend only on strong passwords and advanced encryption. If an attack occurs and goes undetected, it can cause extensive damage before anyone notices. Logging and monitoring are essential for identifying and responding to cyberattacks. 1. Why are logging and monitoring essential? 
Without&#8230; <a class=\"more-link\" href=\"https:\/\/www.codemotion.com\/magazine\/it\/cybersecurity-it\/codice-sicuro-java-parte-3\/\">Read more<\/a><\/p>\n","protected":false},"author":218,"featured_media":32465,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_editorskit_title_hidden":false,"_editorskit_reading_time":0,"_editorskit_is_block_options_detached":false,"_editorskit_block_options_position":"{}","_uag_custom_page_level_css":"","_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[10228],"tags":[11706,12161],"collections":[12845,12189],"class_list":{"0":"post-32462","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-cybersecurity-it","8":"tag-java-it","9":"tag-security-it","10":"collections-cybersecurity-it","11":"collections-java-it","12":"entry"},"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.9 (Yoast SEO v26.9) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Codice sicuro in Java \u2013 Parte 3<\/title>\n<meta name=\"description\" content=\"Il logging e il monitoring sono essenziali per rilevare e rispondere agli attacchi informatici prima che causino danni. 
Scopri gli errori pi\u00f9 comuni, le best practice e come implementare un sistema sicuro in Java.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.codemotion.com\/magazine\/it\/cybersecurity-it\/codice-sicuro-java-parte-3\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Scrivere codice sicuro: la guida essenziale per gli sviluppatori Java \u2013 Parte 3\" \/>\n<meta property=\"og:description\" content=\"Il logging e il monitoring sono essenziali per rilevare e rispondere agli attacchi informatici prima che causino danni. Scopri gli errori pi\u00f9 comuni, le best practice e come implementare un sistema sicuro in Java.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.codemotion.com\/magazine\/it\/cybersecurity-it\/codice-sicuro-java-parte-3\/\" \/>\n<meta property=\"og:site_name\" content=\"Codemotion Magazine\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Codemotion.Italy\/\" \/>\n<meta property=\"article:published_time\" content=\"2025-03-18T16:51:17+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-03-18T16:51:19+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2025\/03\/monitoring-sicurezza-codice-sicuro-java.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"1792\" \/>\n\t<meta property=\"og:image:height\" content=\"1024\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"author\" content=\"peduz91\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@peduz91\" \/>\n<meta name=\"twitter:site\" content=\"@CodemotionIT\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" 
content=\"peduz91\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.codemotion.com\/magazine\/it\/cybersecurity-it\/codice-sicuro-java-parte-3\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.codemotion.com\/magazine\/it\/cybersecurity-it\/codice-sicuro-java-parte-3\/\"},\"author\":{\"name\":\"peduz91\",\"@id\":\"https:\/\/www.codemotion.com\/magazine\/#\/schema\/person\/452ca8d6219835e3b83660c0c86dfb98\"},\"headline\":\"Scrivere codice sicuro: la guida essenziale per gli sviluppatori Java \u2013 Parte 3\",\"datePublished\":\"2025-03-18T16:51:17+00:00\",\"dateModified\":\"2025-03-18T16:51:19+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.codemotion.com\/magazine\/it\/cybersecurity-it\/codice-sicuro-java-parte-3\/\"},\"wordCount\":635,\"publisher\":{\"@id\":\"https:\/\/www.codemotion.com\/magazine\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.codemotion.com\/magazine\/it\/cybersecurity-it\/codice-sicuro-java-parte-3\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2025\/03\/monitoring-sicurezza-codice-sicuro-java.webp\",\"keywords\":[\"Java\",\"Security\"],\"articleSection\":[\"Cybersecurity\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.codemotion.com\/magazine\/it\/cybersecurity-it\/codice-sicuro-java-parte-3\/\",\"url\":\"https:\/\/www.codemotion.com\/magazine\/it\/cybersecurity-it\/codice-sicuro-java-parte-3\/\",\"name\":\"Codice sicuro in Java \u2013 Parte 
3\",\"isPartOf\":{\"@id\":\"https:\/\/www.codemotion.com\/magazine\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.codemotion.com\/magazine\/it\/cybersecurity-it\/codice-sicuro-java-parte-3\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.codemotion.com\/magazine\/it\/cybersecurity-it\/codice-sicuro-java-parte-3\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2025\/03\/monitoring-sicurezza-codice-sicuro-java.webp\",\"datePublished\":\"2025-03-18T16:51:17+00:00\",\"dateModified\":\"2025-03-18T16:51:19+00:00\",\"description\":\"Il logging e il monitoring sono essenziali per rilevare e rispondere agli attacchi informatici prima che causino danni. Scopri gli errori pi\u00f9 comuni, le best practice e come implementare un sistema sicuro in Java.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.codemotion.com\/magazine\/it\/cybersecurity-it\/codice-sicuro-java-parte-3\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.codemotion.com\/magazine\/it\/cybersecurity-it\/codice-sicuro-java-parte-3\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.codemotion.com\/magazine\/it\/cybersecurity-it\/codice-sicuro-java-parte-3\/#primaryimage\",\"url\":\"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2025\/03\/monitoring-sicurezza-codice-sicuro-java.webp\",\"contentUrl\":\"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2025\/03\/monitoring-sicurezza-codice-sicuro-java.webp\",\"width\":1792,\"height\":1024},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.codemotion.com\/magazine\/it\/cybersecurity-it\/codice-sicuro-java-parte-3\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.codemotion.com\/magazine\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cybersecurity\",\"item\":\"https:\/\/www.codemotion.com\/magazine\/it\/cyber
security-it\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Scrivere codice sicuro: la guida essenziale per gli sviluppatori Java \u2013 Parte 3\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.codemotion.com\/magazine\/#website\",\"url\":\"https:\/\/www.codemotion.com\/magazine\/\",\"name\":\"Codemotion Magazine\",\"description\":\"We code the future. Together\",\"publisher\":{\"@id\":\"https:\/\/www.codemotion.com\/magazine\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.codemotion.com\/magazine\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.codemotion.com\/magazine\/#organization\",\"name\":\"Codemotion\",\"url\":\"https:\/\/www.codemotion.com\/magazine\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.codemotion.com\/magazine\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2019\/11\/codemotionlogo.png\",\"contentUrl\":\"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2019\/11\/codemotionlogo.png\",\"width\":225,\"height\":225,\"caption\":\"Codemotion\"},\"image\":{\"@id\":\"https:\/\/www.codemotion.com\/magazine\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/Codemotion.Italy\/\",\"https:\/\/x.com\/CodemotionIT\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.codemotion.com\/magazine\/#\/schema\/person\/452ca8d6219835e3b83660c0c86dfb98\",\"name\":\"peduz91\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.codemotion.com\/magazine\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2023\/12\/gp-100x100.jpg\",\"contentUrl\":\"https:\/\/www.codemotion.com\/magazine\/wp-content\/uplo
ads\/2023\/12\/gp-100x100.jpg\",\"caption\":\"peduz91\"},\"description\":\"I am a software developer with a strong passion for development, technology, soccer and chess. I always like to challenge myself, I often try new things. I think the most important thing is to work well with the team.\",\"sameAs\":[\"https:\/\/www.linkedin.com\/in\/giuseppe-pedull-68ab8274\/\",\"https:\/\/x.com\/peduz91\"],\"url\":\"https:\/\/www.codemotion.com\/magazine\/author\/peduz91\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Codice sicuro in Java \u2013 Parte 3","description":"Il logging e il monitoring sono essenziali per rilevare e rispondere agli attacchi informatici prima che causino danni. Scopri gli errori pi\u00f9 comuni, le best practice e come implementare un sistema sicuro in Java.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.codemotion.com\/magazine\/it\/cybersecurity-it\/codice-sicuro-java-parte-3\/","og_locale":"en_US","og_type":"article","og_title":"Scrivere codice sicuro: la guida essenziale per gli sviluppatori Java \u2013 Parte 3","og_description":"Il logging e il monitoring sono essenziali per rilevare e rispondere agli attacchi informatici prima che causino danni. 
Scopri gli errori pi\u00f9 comuni, le best practice e come implementare un sistema sicuro in Java.","og_url":"https:\/\/www.codemotion.com\/magazine\/it\/cybersecurity-it\/codice-sicuro-java-parte-3\/","og_site_name":"Codemotion Magazine","article_publisher":"https:\/\/www.facebook.com\/Codemotion.Italy\/","article_published_time":"2025-03-18T16:51:17+00:00","article_modified_time":"2025-03-18T16:51:19+00:00","og_image":[{"width":1792,"height":1024,"url":"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2025\/03\/monitoring-sicurezza-codice-sicuro-java.webp","type":"image\/webp"}],"author":"peduz91","twitter_card":"summary_large_image","twitter_creator":"@peduz91","twitter_site":"@CodemotionIT","twitter_misc":{"Written by":"peduz91","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.codemotion.com\/magazine\/it\/cybersecurity-it\/codice-sicuro-java-parte-3\/#article","isPartOf":{"@id":"https:\/\/www.codemotion.com\/magazine\/it\/cybersecurity-it\/codice-sicuro-java-parte-3\/"},"author":{"name":"peduz91","@id":"https:\/\/www.codemotion.com\/magazine\/#\/schema\/person\/452ca8d6219835e3b83660c0c86dfb98"},"headline":"Scrivere codice sicuro: la guida essenziale per gli sviluppatori Java \u2013 Parte 
3","datePublished":"2025-03-18T16:51:17+00:00","dateModified":"2025-03-18T16:51:19+00:00","mainEntityOfPage":{"@id":"https:\/\/www.codemotion.com\/magazine\/it\/cybersecurity-it\/codice-sicuro-java-parte-3\/"},"wordCount":635,"publisher":{"@id":"https:\/\/www.codemotion.com\/magazine\/#organization"},"image":{"@id":"https:\/\/www.codemotion.com\/magazine\/it\/cybersecurity-it\/codice-sicuro-java-parte-3\/#primaryimage"},"thumbnailUrl":"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2025\/03\/monitoring-sicurezza-codice-sicuro-java.webp","keywords":["Java","Security"],"articleSection":["Cybersecurity"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.codemotion.com\/magazine\/it\/cybersecurity-it\/codice-sicuro-java-parte-3\/","url":"https:\/\/www.codemotion.com\/magazine\/it\/cybersecurity-it\/codice-sicuro-java-parte-3\/","name":"Codice sicuro in Java \u2013 Parte 3","isPartOf":{"@id":"https:\/\/www.codemotion.com\/magazine\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.codemotion.com\/magazine\/it\/cybersecurity-it\/codice-sicuro-java-parte-3\/#primaryimage"},"image":{"@id":"https:\/\/www.codemotion.com\/magazine\/it\/cybersecurity-it\/codice-sicuro-java-parte-3\/#primaryimage"},"thumbnailUrl":"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2025\/03\/monitoring-sicurezza-codice-sicuro-java.webp","datePublished":"2025-03-18T16:51:17+00:00","dateModified":"2025-03-18T16:51:19+00:00","description":"Il logging e il monitoring sono essenziali per rilevare e rispondere agli attacchi informatici prima che causino danni. 
Scopri gli errori pi\u00f9 comuni, le best practice e come implementare un sistema sicuro in Java.","breadcrumb":{"@id":"https:\/\/www.codemotion.com\/magazine\/it\/cybersecurity-it\/codice-sicuro-java-parte-3\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.codemotion.com\/magazine\/it\/cybersecurity-it\/codice-sicuro-java-parte-3\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.codemotion.com\/magazine\/it\/cybersecurity-it\/codice-sicuro-java-parte-3\/#primaryimage","url":"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2025\/03\/monitoring-sicurezza-codice-sicuro-java.webp","contentUrl":"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2025\/03\/monitoring-sicurezza-codice-sicuro-java.webp","width":1792,"height":1024},{"@type":"BreadcrumbList","@id":"https:\/\/www.codemotion.com\/magazine\/it\/cybersecurity-it\/codice-sicuro-java-parte-3\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.codemotion.com\/magazine\/"},{"@type":"ListItem","position":2,"name":"Cybersecurity","item":"https:\/\/www.codemotion.com\/magazine\/it\/cybersecurity-it\/"},{"@type":"ListItem","position":3,"name":"Scrivere codice sicuro: la guida essenziale per gli sviluppatori Java \u2013 Parte 3"}]},{"@type":"WebSite","@id":"https:\/\/www.codemotion.com\/magazine\/#website","url":"https:\/\/www.codemotion.com\/magazine\/","name":"Codemotion Magazine","description":"We code the future. 
Together","publisher":{"@id":"https:\/\/www.codemotion.com\/magazine\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.codemotion.com\/magazine\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.codemotion.com\/magazine\/#organization","name":"Codemotion","url":"https:\/\/www.codemotion.com\/magazine\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.codemotion.com\/magazine\/#\/schema\/logo\/image\/","url":"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2019\/11\/codemotionlogo.png","contentUrl":"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2019\/11\/codemotionlogo.png","width":225,"height":225,"caption":"Codemotion"},"image":{"@id":"https:\/\/www.codemotion.com\/magazine\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Codemotion.Italy\/","https:\/\/x.com\/CodemotionIT"]},{"@type":"Person","@id":"https:\/\/www.codemotion.com\/magazine\/#\/schema\/person\/452ca8d6219835e3b83660c0c86dfb98","name":"peduz91","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.codemotion.com\/magazine\/#\/schema\/person\/image\/","url":"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2023\/12\/gp-100x100.jpg","contentUrl":"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2023\/12\/gp-100x100.jpg","caption":"peduz91"},"description":"I am a software developer with a strong passion for development, technology, soccer and chess. I always like to challenge myself, I often try new things. 
I think the most important thing is to work well with the team.","sameAs":["https:\/\/www.linkedin.com\/in\/giuseppe-pedull-68ab8274\/","https:\/\/x.com\/peduz91"],"url":"https:\/\/www.codemotion.com\/magazine\/author\/peduz91\/"}]}},"featured_image_src":"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2025\/03\/monitoring-sicurezza-codice-sicuro-java-600x400.webp","featured_image_src_square":"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2025\/03\/monitoring-sicurezza-codice-sicuro-java-600x600.webp","author_info":{"display_name":"peduz91","author_link":"https:\/\/www.codemotion.com\/magazine\/author\/peduz91\/"},"uagb_featured_image_src":{"full":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2025\/03\/monitoring-sicurezza-codice-sicuro-java.webp",1792,1024,false],"thumbnail":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2025\/03\/monitoring-sicurezza-codice-sicuro-java-150x150.webp",150,150,true],"medium":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2025\/03\/monitoring-sicurezza-codice-sicuro-java-300x171.webp",300,171,true],"medium_large":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2025\/03\/monitoring-sicurezza-codice-sicuro-java-768x439.webp",768,439,true],"large":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2025\/03\/monitoring-sicurezza-codice-sicuro-java-1024x585.webp",1024,585,true],"1536x1536":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2025\/03\/monitoring-sicurezza-codice-sicuro-java-1536x878.webp",1536,878,true],"2048x2048":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2025\/03\/monitoring-sicurezza-codice-sicuro-java.webp",1792,1024,false],"small-home-featured":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2025\/03\/monitoring-sicurezza-codice-sicuro-java-100x100.webp",100,100,true],"sidebar-featured":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2025\/03\/monitoring-s
icurezza-codice-sicuro-java-180x128.webp",180,128,true],"genesis-singular-images":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2025\/03\/monitoring-sicurezza-codice-sicuro-java-896x504.webp",896,504,true],"archive-featured":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2025\/03\/monitoring-sicurezza-codice-sicuro-java-400x225.webp",400,225,true],"gb-block-post-grid-landscape":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2025\/03\/monitoring-sicurezza-codice-sicuro-java-600x400.webp",600,400,true],"gb-block-post-grid-square":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2025\/03\/monitoring-sicurezza-codice-sicuro-java-600x600.webp",600,600,true]},"uagb_author_info":{"display_name":"peduz91","author_link":"https:\/\/www.codemotion.com\/magazine\/author\/peduz91\/"},"uagb_comment_info":0,"uagb_excerpt":"An application&#8217;s security does not depend only on strong passwords and advanced encryption. If an attack occurs and goes undetected, it can cause serious damage before anyone notices. Logging and monitoring are essential for identifying and responding to cyberattacks. 1. Why are logging and monitoring fundamental? 
Without&#8230;&hellip;","lang":"it","_links":{"self":[{"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/posts\/32462","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/users\/218"}],"replies":[{"embeddable":true,"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/comments?post=32462"}],"version-history":[{"count":3,"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/posts\/32462\/revisions"}],"predecessor-version":[{"id":32467,"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/posts\/32462\/revisions\/32467"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/media\/32465"}],"wp:attachment":[{"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/media?parent=32462"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/categories?post=32462"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/tags?post=32462"},{"taxonomy":"collections","embeddable":true,"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/collections?post=32462"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}