Stranger Danger: Your Java Attack Surface Just Got Bigger
Details
Description:
Building Java applications today means going a step beyond writing code. We use open-source dependencies, create a Dockerfile to deploy containers to the cloud, and orchestrate this infrastructure with Kubernetes. Welcome - you're a cloud native application developer! As developers, our responsibility has broadened, and more software means more software security concerns for us to address.
Join me for a hands-on Java and cloud native live-hacking session to show common threats, vulnerabilities and misconfigurations. Most importantly, we'll also show how you can protect your application with actionable remediation and best practices for each exploit we demonstrate.
-----
Agenda:
- Intros & Ice Breaker
- What is DevSecOps?
- Live Hack: Application Code
- Live Hack: Open Source Dependencies
- Open Source Supply Chain Security
- Live Hack: Containers
- Overview: Infrastructure as Code Vulnerabilities
- What is the Solution?
- Q&A
-----
Bio:
With 27 years of Java experience (yup, that’s from the beginning) and 20 years as a security professional, Micah Silverman has authored numerous articles, co-authored a Java EE book, and spoken at many conferences. He’s a maker who's built full-size MAME arcade cabinets and repaired old electronic games. He brings his love of all things security and Java to a conference near you!
