Overview
Explore the world of Java vulnerabilities in this 49-minute Devoxx conference talk. Delve into the reasons behind Java's reputation for security issues, learn about ongoing efforts to address these concerns, and discover strategies to minimize your own exposure. Gain insights into the reporting, management, and resolution of Java vulnerabilities, as well as specific attack vectors and the definition of a 'vulnerability'. With the rising threat of cybercrime, equip yourself with the knowledge to defend your code through practical examples and code demonstrations. Understand the scale of the problem, including issues related to the Java plugin, server-side vulnerabilities, and the impact on billions of devices worldwide. Learn about various types of exploits, including system hangs, buffer overflows, and serialization vulnerabilities. Explore tools and techniques for identifying and mitigating security risks, such as LGTM, Findbugs, and WASP. By the end of this talk, you'll be better prepared to tackle security issues in Java and enhance your overall cybersecurity practices.
Syllabus
Introduction
Overview
Two Character Change
Doubles
System Hangs
Technical Horror Story
What are vulnerabilities
Bug that can be exploited
Exploits
Who cares
Scale of the problem
Lots of those
Cybercrime
Windows
Social Engineering
Features
CVS
Search for Java
No Details
Reporting
Assess
Dependencies
Untrusted code
Plugin
Untrusted data
JPEG buffer overflow
No Equifax
Heartbleed, Poodle
Local vectors
Wannacry
Serialisation
Debugging
Class loading
Class not found
Not in the map
Error message
Example
LGTM
Findbugs
WASP
Updating
Taught by
Devoxx