Brian Vermeer

Biography

Sr. Developer Advocate for Snyk, Java Champion, and Software Engineer with over a decade of hands-on experience in creating and maintaining software. He is passionate about Java, (Pure) Functional Programming and Cybersecurity. Brian is a JUG leader for the Virtual JUG and the NLJUG. He also co-leads the DevSecCon community and is a community manager for Foojay. He is a regular international speaker at mostly Java-related conferences such as JavaOne, Devnexus, Devoxx, Jfokus, JavaZone and many more. Besides all that, Brian is a military reservist for the Royal Netherlands Air Force and a Taekwondo Master / Teacher.

Stranger Danger: Your Java Attack Surface Just Got Bigger
Building cloud-native Java applications is undoubtedly awesome. However, it comes with undeniable new risks. Next to your own code, you are relying on so many other things. Blindly depending on open-source libraries and Docker images can pose a massive risk for your application. The wrong package can introduce severe vulnerabilities into your application, exposing your application and your users' data. Join this hands-on Java cloud-native live-hacking session where we'll show common threats, vulnerabilities, and misconfigurations. Most importantly, you'll learn how to protect your application with actionable remediation and best practices.
Java Security Jumpstart Workshop
Introductions

Cyber Attacks and the Developer
  - Introduction to the current state of cyber attacks: motivations, objectives, methodologies.
  - Changing the mindset of the developer.
  - Examples and discussions on how individuals, communities and open source projects get attacked and exploited.

Learning from the Log4Shell saga
  - Hands-on demonstration, analysis and discussion of the many ways that the vulnerability can be exploited.

Better coding for more secure software
  - Series of hands-on exercises with sample code and discussion afterwards.
  - Covers most of the 7 pernicious kingdoms.

Dealing with Java serialisation
  - How serialisation works and how it's exploited.
  - How to write safer Java code.
  - Alternatives to Java serialisation.
  - Introduction to MicroStream, with hands-on exercises.

Software supply chain
  - New government directives that will affect how software is produced and consumed.
  - The SBOM forcing function: how open source communities are affected.
  - Why your build pipelines will need turbo-charging.
  - Advanced guidance on selecting open source projects: it's more than functionality.
  - Hands-on review of related open-source tools that should be on your list now.

Commercial interlude and why good intelligence is vital
  - Snyk / Sonatype portfolios.

Wrap up