What if you had a magic wand that could help you do your everyday chores? With the rise of magical AI systems like ChatGPT is this becoming a reality? Other than creating some basic code, writing tv scripts and generally scaring society a little, what else could this magic be used for?
The world is increasingly threatened by cybercrime, regardless of whether it affects companies, organizations, governments, or facilities and infrastructure. In Java, serialization is the biggest security flaw. More than 50% of all vulnerabilities are linked to serialization. In this session, you will learn why we still need serialization, how the inbuilt design is fatally flawed, and how it is being exploited and used against us. Now, there is a way to protect your applications. With the high-secure Eclipse Serializer you will now be able to eliminate deserialization attacks.
Security in Jakarta EE has long been under-used and under-specified. Existing specifications ranged from overly complex to non-existent. The result: few people used security standards. Java EE 8 changed that with JSR 375. Its evolution Jakarta Security facilitates portable application security integrated with container security. Allowing applications to treat authentication mechanisms like OAuth or OpenID Connect same as built-in container mechanisms like FORM or container-based access to a URL and features like @RolesAllowed and isUserInRole automatically work as expected.
In these times of rising cyber attacks it’s imperative that every developer understands the basics about secure software design. In this session we’ll examine how attacks can happen and how you should use your Java and MicroProfile skills to counter the threat.
We will take you from the theory of attacks through to the code and configuration that helps defend against them. With both general advice and specific guidance this talk will help you become better prepared to deal with the new realities of cybercrime.
Imagine a small team working on an embedded device - it could be a simple light bulb, a security alarm, a set top box or an internet gateway. Their mission is to ship their application on this device. Typically, this team juggles their time between implementing their core application with bringing up a BSP, cobbling together an OTA solution to allow future updates, managing their CI pipeline and “implementing security”.
Meet the new, nastier brother of cyber crime: Cyberwarfare, It changes everything about how and why our software is attacked. This session will educate you on what's happening, why we're heading for a new reality of constant and sophisticated software supply chain attacks and what Log4Shell and others teach us about why our attitudes and approach to security must change
How to start worrying and do Software Composition Analysis in a complex YOCTO project.
Would you eat something where you didn't know the ingredients? Likely not. Then why are you building or running software where you have no idea what is in it? A Software Bill of Materials (SBOM) is an essential artifact that helps 'make known' the dependencies and inputs of a piece of software, essentially an SBOM tells you the ingredients of the software. Do not worry if you have never heard of an SBOM, this presentation will give you both a good understanding of what it is, but also how it can be leveraged. Beyond describing the purpose and value of an SBOM and how it fits into an ov
Ever seen a security-related issue that you felt should be reported? Unsure of how reporting a security issue is different than a regular bug? Developers of any level should know how to report a vulnerability. In this talk, we will talk about what CVEs are, some general vulnerability classifications, look at a few ways you can report security issues, as well as look at a few common mistakes.
Software dependencies can be viewed as graph that only get bigger as software evolved. This lead to multiple challenging situations related to security, quality, licensing and more. Today tools are great but more accurate tools such as FASTEN are under development. Join me to learn how the current dependency management tool are evolving to cope with the growing complexity of software development.
