The link to the "Live hacking: Breaking into your Java web app (Brian Vermeer)" talk:
https://youtu.be/wRouKN3Y5-U
Live hacking: Breaking into your Java web app (Brian Vermeer)
In this session, we will demonstrate how common vulnerabilities in the Java ecosystem are exploited on a daily basis by live hacking real-world application libraries. All the examples used are commonly known exploits, some more famous than others, such as the Apache Struts and Spring Break remote code execution vulnerabilities. By exploiting them and showing you how you can be attacked, before showing you how to protect yourself, you will gain a better understanding of why and how a security focus and DevSecOps are essential for every developer.
Demystifying Certificates and TLS For Java Developers (Alan Scherger)
What exactly is an SSL certificate? Does rolling out tools with mTLS enabled seem impossible? Can you test that your infrastructure tools properly uphold the security claims they make regarding mTLS? Does the thought of rotating the certificate authority your service mesh relies on scare you? In this talk, we will begin our journey by looking at the RFCs behind these technologies. Next, we will use OpenSSL, CFSSL, and mkcert to validate what we have learned about X.509 v3 certificates. We will then bootstrap Consul to quickly demonstrate server, client, and browser usages of certificates. After that, we'll do a deep dive into how Kafka uses certificates to secure its brokers and clients, and possibly (KIP-515) its connections to ZooKeeper.
Speakers:
Brian is a Developer Advocate for Snyk and a Software Engineer with over 10 years of hands-on experience in creating and maintaining software. He is passionate about Java, (Pure) Functional Programming and Cybersecurity. He is a regular conference speaker at events like JFall, JBCNConf, Oracle Code, Devoxx, JavaZone, JFokus and JavaOne. Besides being an engineer, he is a Reservist in the Royal Netherlands Air Force and a Taekwondo Master.
Alan is an operations-focused developer. He has experience running and developing with the Netflix stack, starting with Asgard. Now, of course, he studies, manages, and sometimes even contributes to tools such as Mesos, Kubernetes, Nomad, and Spinnaker. When he is not staring into pixels, he can be found picking up and putting down heavy things at a strength training gym, or unoriginally exploring coffee shops and board games whenever friends are free.