Recently, I faced the following situation: one of the developers on our team wrote a small functionality for an internal Java application. Everything was going smoothly until we received a request from the security team that there was a vulnerability in the code that allowed SQL injection. It turned out that the problem was simply ignoring the use of parameterized queries. We had a panic attack, but the problem was quickly fixed. Now I'm thinking, what other security issues can there be in Java add-ins? What do you usually pay attention to when developing applications?

It's good that it was only a security check. By the way, if you are interested in how other companies solve security issues, it is worth reading how https://digiscorp.com/java-development-services/ work. There are some interesting approaches to development and mentions of risk management there. I think you might find some of this useful.