filmov
tv
The Anatomy of Java Vulnerabilities by Steve Poole & Tim Ellison
Показать описание
Java is everywhere. According to Oracle it’s on 3 billion devices and counting. We also know that Java is one of the most popular vehicles for delivering malware. But that’s just the plugin right? Well maybe not. Java on the server can be just at risk as the client.
In this talk we’ll cover all aspects of Java Vulnerabilities. We’ll explain why Java has this dubious reputation, what’s being done to address the issues and what you have to do to reduce your exposure. You’ll learn about Java vulnerabilities in general: how they are reported, managed and fixed as well as learning about the specifics of attack vectors and just what a ‘vulnerability’ actually is. With the continuing increase in cybercrime it’s time you knew how to defend your code. With examples and code this talk will help you become more effective in tacking security issues in Java.
Steve Poole is a DevOps practitioner (leading a large team of engineers on cutting edge DevOps exploitation ) and a long time IBM Java developer, leader and evangelist. He’s been working on IBM Java SDKs and JVMs since Java was less than 1. He's also had time to work on other things including representing IBM on various JSRs, being a committer on various open source projects including ones at Apache, Eclipse and OpenJDK. He’s also member of the Adopt OpenJDK group championing community involement in OpenJDK. Steve is a seasoned speaker and regular presenter at JavaOne and other conferences on technical and software engineering topics.
Tim Ellison is a senior member of IBM's Runtimes Technology Centre with responsibility for open source engineering projects.
Prior to his current position he was part of the original Eclipse development team, and a Vice President of the Apache Software Foundation Harmony Project. He is a member of the JSR376 expert group designing the Java modularity system, and JSR379 defining the Java SE 9 platform. He has spoken at conferences worldwide on topics relating to security.
Tim has contributed to the commercial implementation of Smalltalk, IBM VisualAge, Eclipse, and the Java SDK over a long period. He has a broad knowledge of high performance runtimes, open source methodologies, and applying new language technology to difficult problems.
In this talk we’ll cover all aspects of Java Vulnerabilities. We’ll explain why Java has this dubious reputation, what’s being done to address the issues and what you have to do to reduce your exposure. You’ll learn about Java vulnerabilities in general: how they are reported, managed and fixed as well as learning about the specifics of attack vectors and just what a ‘vulnerability’ actually is. With the continuing increase in cybercrime it’s time you knew how to defend your code. With examples and code this talk will help you become more effective in tacking security issues in Java.
Steve Poole is a DevOps practitioner (leading a large team of engineers on cutting edge DevOps exploitation ) and a long time IBM Java developer, leader and evangelist. He’s been working on IBM Java SDKs and JVMs since Java was less than 1. He's also had time to work on other things including representing IBM on various JSRs, being a committer on various open source projects including ones at Apache, Eclipse and OpenJDK. He’s also member of the Adopt OpenJDK group championing community involement in OpenJDK. Steve is a seasoned speaker and regular presenter at JavaOne and other conferences on technical and software engineering topics.
Tim Ellison is a senior member of IBM's Runtimes Technology Centre with responsibility for open source engineering projects.
Prior to his current position he was part of the original Eclipse development team, and a Vice President of the Apache Software Foundation Harmony Project. He is a member of the JSR376 expert group designing the Java modularity system, and JSR379 defining the Java SE 9 platform. He has spoken at conferences worldwide on topics relating to security.
Tim has contributed to the commercial implementation of Smalltalk, IBM VisualAge, Eclipse, and the Java SDK over a long period. He has a broad knowledge of high performance runtimes, open source methodologies, and applying new language technology to difficult problems.
0:45:44
0:56:11
0:49:23
0:46:32
0:50:51
0:53:32
0:52:26
1:23:24
1:01:45
0:35:22
0:51:02
0:59:09
0:57:17
0:56:49
0:46:13
0:35:22
0:49:51
0:02:56
0:00:25
0:26:28
1:05:00
0:48:53
0:09:08
0:35:45