Past Meetup

JVM security & Agile Risk Management


14 people went


Details

Don't let yourself get fooled by Valentine's Day, just another day to get your money! ^^ For a change, invite your spouse/partner to the meetup instead and be original while not spending a dime! :-D
(I am sure it cannot be worse than scheduling a meetup on the evening of a soccer game anyway :-D)

In the 1st part of this session, Nicolas Frankel will show us what can happen to the JVM if it is left unsecured and take us through a demo of what can be done: The Java API allows a lot: sending packets over the network, compiling code, etc. If you put an application in a production environment, you need to make sure it doesn't do more than it's supposed to do. Consider a Java application in a private banking system. A new network administrator is hired, and while going around, he notices that the app is making network calls to an unknown external endpoint. After some investigation, it's found that this app has been sending confidential data to a competitor (or a state, or hackers, whatever) for years. This is awkward. Especially since it could have been avoided. Code reviews are good to improve the hardening of an application, but what if the malicious code was planted on purpose? Some code buried in a commit could extract code from binary content, compile it on the fly, and then execute it in the same JVM run... By default, the JVM is not secured! Securing the JVM for a non-trivial application is complex and time-consuming, but the risks of not securing it could be disastrous.
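As an added illustration of the hardening the abstract is talking about (this is not part of the meetup description nor of the speaker's demo), here is the scenario above reduced to a least-privilege check with the JVM's built-in permission mechanism: a policy file that grants the application code base only what it actually needs, so that an unexpected outbound connection or a read outside the application's own data directory fails with a SecurityException instead of succeeding silently. The file name app.policy, the path /opt/app/ and the class name LeastPrivilegeDemo are assumptions. Caveat: the SecurityManager was deprecated for removal in JDK 17 (JEP 411) and must be explicitly enabled with -Djava.security.manager=allow on JDK 18 and later, so take this as a demonstration of the principle, not as the mechanism to build new hardening on.

```java
// app.policy (assumed file name, shown here as a comment so the example is one file):
//
//   grant codeBase "file:/opt/app/-" {
//       permission java.util.PropertyPermission "user.dir", "read";
//       permission java.io.FilePermission "/opt/app/data/-", "read";
//   };
//
// Nothing else is granted to the application's own classes: no SocketPermission,
// so no outbound connections; no FilePermission outside /opt/app/data; no
// RuntimePermission "createClassLoader", which on-the-fly compile-and-load tricks need.
//
// Run with (the double "==" replaces the default policy instead of adding to it):
//   java -Djava.security.manager -Djava.security.policy==/opt/app/app.policy \
//        -cp /opt/app/classes LeastPrivilegeDemo
// On JDK 18+ use -Djava.security.manager=allow (SecurityManager is deprecated, JEP 411).

import java.io.IOException;
import java.net.Socket;
import java.nio.file.Files;
import java.nio.file.Path;

public class LeastPrivilegeDemo {

    /** The kind of call the abstract describes: an outbound connection to an
     *  endpoint the application was never meant to talk to. With the policy
     *  above there is no SocketPermission, so the JVM refuses it before any
     *  packet leaves the host. */
    static String tryOutboundConnection(String host, int port) {
        try (Socket s = new Socket(host, port)) {
            return "connected to " + host + ":" + port + " (policy is too permissive!)";
        } catch (SecurityException e) {
            return "denied by policy: " + e.getMessage();
        } catch (IOException e) {
            return "network error (no security manager active?): " + e.getMessage();
        }
    }

    /** Reads a file; allowed only under /opt/app/data/ by the policy above. */
    static String tryReadFile(Path p) {
        try {
            return "read " + Files.size(p) + " bytes from " + p;
        } catch (SecurityException e) {
            return "denied by policy: " + e.getMessage();
        } catch (IOException e) {
            return "I/O error on " + p + ": " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        // "example.invalid" is a constructed, non-resolvable host name (RFC 2606).
        System.out.println(tryOutboundConnection("example.invalid", 443));
        // Outside the granted directory: expected to be denied.
        System.out.println(tryReadFile(Path.of("/etc/hostname")));
        // Inside the granted directory (assumed path): allowed if the file exists.
        System.out.println(tryReadFile(Path.of("/opt/app/data/config.txt")));
    }
}
```

The point of the demo is the difference between the two runs: without -Djava.security.manager the socket attempt only fails because the constructed host does not resolve, while with the policy in place it is stopped by the JVM itself, which is what the network administrator in the story would have wanted years earlier. A SecurityException raised this way is also a good thing to log and alert on, since a legitimately configured application should never trigger one.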

In the 2nd part of the session, Fred Blaise will expose his current beliefs and experimentations (as well as seek feedback ;-)) on how to introduce risk assessment and management into the agile workflow, an activity that engineers often dislike and perceive as tedious and bringing no real value.

Looking forward to seeing you there, it's been a while!

PS: This meetup is no longer "employer"-sponsored (for now).