Java Security Jumpstart Workshop

Track: Workshops


Cyber Attacks and the Developer

       Introduction to the current state of cyber attacks. Motivations, objectives, methodologies.

       Changing the mindset of the developer. Examples and discussions on how individuals, communities and open source projects get attacked and exploited.

Learning from the Log4Shell saga.

       Hands-on demonstration, analysis and discussion of the many ways that the vulnerability can be exploited.

Better coding for more secure software

       Series of hands-on exercises with sample code and discussion afterwards

       Covers most of the 7 pernicious kingdoms

Dealing with Java serialisation

       How serialisation works and how it’s exploited.

How to write safter Java code

       Alternatives to Java Serialisation

       Introduction to microstream with hands-on

Software Supply chain

       New government directives that will affect how software is produced and consumed

The SBOM forcing function:

 how open source communities are affected.

Why your build pipelines will need turbo-charging

       Advanced guidance on selecting open source projects -its more than functionality

       Hands-on review of related open-source tools that should be on your list now

       Commercial interlude and why good intelligence is vital

       Snyk / Sonatype portfolios

Wrap up

Markus Kett

Markus and his team have been working on IDE tools for Java and database development for almost 20 years. He is the product owner of the RapidClipse IDE project, which is a free Eclipse distribution and visual Java IDE. Markus is co-founder and CEO at MicroStream, editor in chief for the free JAVAPRO magazine in Germany, and organizer of the Java conference JCON. He is an independent editor for several magazines, and speaker at many developer conferences, user groups, and meetups.

Brian Fox

Co-founder and CTO at Sonatype, Brian Fox is a member of the Apache Software Foundation and former Chair of the Apache Maven project. As a direct contributor to the Maven ecosystem, including the maven-dependency-plugin and maven-enforcer-plugin, he has over 20 years of experience driving the vision behind, as well as developing and leading the development of software for organizations ranging from startups to large enterprises. Brian is a frequent speaker at national and regional events including Java User Groups and other development related conferences.

Brian Vermeer

Sr. Developer Advocate for Snyk, Java Champion, and Software Engineer with over a decade of hands-on experience in creating and maintaining software. He is passionate about Java, (Pure) Functional Programming and Cybersecurity. Brian is a JUG leader for the Virtual JUG and the NLJUG. He also co-leads the DevSecCon community and is a community manager for Foojay. He is a regular international speaker on mostly Java-related conferences like JavaOne, Devnexus, Devoxx, Jfokus, JavaZone and many more. Besides all that, Brian is a military reserve for the Royal Netherlands Air Force and a Taekwondo Master / Teacher.

Steve Poole

Steve Poole is a Developer Advocate, DevOps practitioner and a long time Java developer, leader and evangelist. He’s been working on Java SDKs and JVMs since Java was less than one year old.