About this group

The Montréal Java User Group (JUG) is a group of Java users that meets regularly to exchange ideas and discuss technological advances in the Java platform. We meet every month. Meetings are free, open to all, and consist of a technical presentation, a product demonstration, or a round table. Feel free to contact us with any proposal for a presentation you would like to give!

We also accept donations and sponsorships (http://www.montreal-jug.org/sponsoring/), which help us pay basic costs (meetup, pizzas, etc.).

Upcoming events (1)

Workshop - Java Security Code Review: Shall we play a game? by P. Arteau

Note: This workshop is led by Philippe and some Montreal JUG organizers; all of them speak both French and English.

Description:

Java developers are building web applications, web services and other back-end components. These components may transport sensitive information, perform business-critical operations or transmit credit card data. Security quickly becomes a concern for the business developing or operating the software. The application layer is now the number one target according to reported incidents [Source: DHS]. Having basic knowledge about security principles is not enough to provide solid defense against the average attacker.

This workshop's exercises will focus on code analysis of custom sample applications. The open-source tool Find Security Bugs will be used. For most of the vulnerabilities, a sample vulnerable application will be available for exploitation.

This workshop will cover the following classes of vulnerabilities:

- Path Traversal
- XXE
- HQL Injection
- Insecure Deserialization
- Expression Injection

Prerequisites:

- Personal laptop
- IntelliJ IDEA https://www.jetbrains.com/idea/download/ **
- Burp HTTP Proxy https://portswigger.net/burp/communitydownload **

** Preferred tool: An equivalent tool can be used, but support and demos will be made for those listed.

Bio:

Philippe is a security researcher working for GoSecure. His research is focused on Web application security. His past work experience includes pentesting, secure code review and software development. He is the author of the widely-used Java static analysis tool Find Security Bugs. He is also a contributor to the static analysis tool for .NET called Security Code Scan. He built many plugins for Burp and ZAP proxy tools: Retire.js, Reissue Request Scripter, CSP Auditor and many others.

He presented at several conferences including Black Hat Arsenal, ATLSecCon, NorthSec, Hackfest (QC), 44CON, HackInParis and JavaOne. He has found a couple of vulnerabilities affecting the Spring Framework: CVE[masked], CVE[masked] and CVE[masked]
