Brian Vermeer

Java Champion | Developer | Speaker

12 April 2022

Java Security Jumpstart Workshop
Track: Workshops
Abstract
Introductions

Cyber Attacks and the Developer

   Introduction to the current state of cyber attacks. Motivations, objectives, methodologies.

   Changing the mindset of the developer. Examples and discussions on how individuals, communities and open source projects get attacked and exploited.

Learning from the Log4Shell saga

   Hands-on demonstration, analysis and discussion of the many ways that the vulnerability can be exploited.

Better coding for more secure software

   Series of hands-on exercises with sample code and discussion afterwards

   Covers most of the 7 pernicious kingdoms

Dealing with Java serialisation

   How serialisation works and how it’s exploited.

How to write safer Java code

   Alternatives to Java Serialisation

   Hands-on introduction to MicroStream

Software Supply chain

   New government directives that will affect how software is produced and consumed

The SBOM forcing function: how open source communities are affected

Why your build pipelines will need turbo-charging

   Advanced guidance on selecting open source projects: it's more than functionality

   Hands-on review of related open-source tools that should be on your list now

   Commercial interlude and why good intelligence is vital

   Snyk / Sonatype portfolios

Wrap up
https://devnexus.com/presentations/6522/