Organised by: Arnhem Java User Group (ArnhemJUG)
Location: TenneT, Utrechtseweg 310, Arnhem, the Netherlands.
Hidden security features of the JVM – everything you didn’t know and more

Java 17 announced the deprecation of the Security Manager (which is OK since hardly anyone used it), but that doesn’t mean the JVM leaves you vulnerable. Many design features in the JVM and the JDK are there to help keep your application safe from harm. In this session, we’ll walk through these points – from compiler to bytecode to runtime – and give you a refresher on how to get the best from these features. We’ll also look at new things in the works, compile-to-native consequences and even some off-the-wall “it’s just an idea” thoughts about how to make the JVM an even more secure environment.
About Steve Poole

Director of Developer Advocacy, Security Champion, DevOps practitioner (whatever that means). Long-time Java developer, leader and evangelist. I’ve been working on Java SDKs and JVMs since Java was less than 1. JavaOne Rockstar, JSR leader and representative, committer on open source projects including ones at Apache, Eclipse and OpenJDK. A seasoned speaker and regular presenter at international conferences on technical and software engineering topics.
Stranger Danger: Your Java Attack Surface Just Got Bigger

Building (cloud-native) Java applications is undoubtedly awesome. However, it comes with undeniable new risks. Next to your own code, you are relying on so many other things. Blindly depending on open-source libraries and Docker images can form a massive risk for your application. The wrong package can introduce severe vulnerabilities into your application, exposing your application and your users’ data. Join this hands-on Java cloud-native live-hacking session where we’ll show common threats, vulnerabilities, and misconfigurations. Most importantly, you’ll learn how to protect your application with actionable remediation and best practices.
About Brian Vermeer

Java Champion, Staff Developer Advocate and Software Engineer working for Snyk, with over a decade of hands-on experience in creating and maintaining software. He is passionate about Java, (Pure) Functional Programming and Cybersecurity. Brian is a JUG leader for the Virtual JUG and the NLJUG. He also co-leads the DevSecCon community and is a community manager for Foojay. He is a regular international speaker at mostly Java-related conferences like JavaOne, Devnexus, Devoxx, Jfokus, JavaZone and many more. Besides all that, Brian is a military reservist for the Royal Netherlands Air Force and a Taekwondo Master / Teacher.