Explore the world of Java vulnerabilities in this 51-minute Devoxx conference talk. Delve into the reasons behind Java's reputation for security issues, learn about ongoing efforts to address these concerns, and discover strategies to minimize your own exposure. Gain insights into the reporting, management, and resolution of Java vulnerabilities, as well as specific attack vectors and the definition of a 'vulnerability'. With the rising threat of cybercrime, equip yourself with the knowledge to defend your code through practical examples and code demonstrations. Understand the intricacies of vulnerability scoring systems, security updates, and communication protocols. Examine local attacks, serialisation issues, and the importance of whitelisting. Learn about static code analyzers and their role in identifying potential vulnerabilities. By the end of this talk, you'll be better prepared to tackle security issues in Java and strengthen your defenses against potential threats.
Overview
Syllabus
Introduction
What is a vulnerability
Why should you care
Its not a smoking gun
Who the bad guys are
We are weak
We do this
Vulnerability
CVS
Vulnerability Scoring System
Vulnerability Communication
Security Updates
How Theyre Being Found
Why This Talk Exists
Statistics
Local attacks
Serialisation
Whitelisting
Patti Struts
jdwpiece
connect
summary
static code analyzers
Takeaways
Questions
Taught by
Devoxx
