This month we decided to go online and share with you some insights on a very important topic: Software Security! This time we have two guests, Maria and Alan, who are going to share their experience in dealing with network security and application security.
19:00 — 20:30 | Brian Vermeer — Developer at Snyk, Java & FP Enthusiast
Talk: Live hacking: Breaking into your Java web app
In this session, we will demonstrate how common vulnerabilities in the Java ecosystem are exploited on a daily basis by live hacking real-world application libraries. All the examples used are commonly known exploits, some more famous than others, such as the Apache Struts and Spring Break remote code execution vulnerabilities. By exploiting them and showing you how you can be attacked, before showing you how to protect yourself, we will give you a better understanding of why and how a security focus and DevSecOps are essential for every developer.
19:00 — 20:30 | Alan Scherger — operations-focused developer.
Talk: Demystifying Certificates and TLS For Java Developers
What exactly is an SSL certificate? Does rolling out tools with mTLS enabled seem impossible? Can you test that your infrastructure tools properly uphold the security claims they make regarding mTLS? Does the thought of rotating the certificate authority your service mesh relies on scare you? In this talk, we will begin our journey by looking at the RFCs behind these technologies. Next, we will use OpenSSL, CFSSL, and mkcert to validate what we have learned about X.509 v3 certificates. We will then bootstrap Consul to quickly demonstrate server, client, and browser usages of certificates. After that, we’ll do a deep dive into how Kafka uses certificates to secure its brokers and clients, and possibly (KIP-515) its connections to ZooKeeper.
Register here: 2event.com/en/events/1857717