Foojay Podcast #7: Security in Java, what do we need to know and how to keep our applications secure?

For this Foojay Podcast, we invited security experts to dive into the fascinating world of secure coding and detecting vulnerabilities in your Java applications.

How can you make and keep your systems safe?

That’s what we want to find out…

Guests

Steve Poole (Sonatype, @spool167)
Brian Vermeer (Snyk, @BrianVerm, @brianverm@mastodon.social)
Anastasiia Voitova (Cossack Labs, @vixentael, @vixentael@mastodon.social)

Host

Erik Costlow (Azul, @costlow, @costlow@mastodon.social)

Content

00’00 Short intro and music
00’15 Introduction about the topic of this podcast
00’31 Introduction of the guests and host
02’40 Foojay article written by Brian about dependencies: https://foojay.io/today/best-practices-for-managing-java-dependencies/
05’02 XML parsers in Java
05’55 “The more the merrier” versus “The less the better”
06’30 Foojay article written by Brian about the role of Data Transfer Objects in security: https://foojay.io/today/how-to-use-java-dtos-to-stay-secure/
09’10 Extending on DTOs: encryption in data provisioning
11’10 Database entities versus DTOs and serialization
12’25 Developers need to be trained more on security and take responsibility
13’50 Don’t design your own security solution: https://www.cossacklabs.com/blog/cryptographic-failures-in-rf-encryption/
16’58 Cryptographic dad joke…
17’40 What are CVEs (Common Vulnerabilities and Exposures)
20’40 Security in the layers of a Java environment
24’50 JAR signing
26’40 CWE with the W of Weaknesses, and OWASP: https://owasp.org/www-project-top-ten/ and https://www.exploit-db.com/
29’40 How to evaluate vulnerability scores: https://foojay.io/today/java-security-log4j-the-securitymanager-and-funding/
31’23 CVEs as Pokemon, “You gotta catch them all” workshop
32’20 How to be able to fix vulnerabilities
33’57 About the recent critical SSL vulnerability
36’02 Libraries are linked (integrated) into a Java project: https://github.com/quarkusio/quarkus/issues/14904
38’15 Security is an educational thing: understand your tools
39’90 Role of the different players in a team
46’32 Can the JVM itself be more secure?
49’44 Make the JVM aware of vulnerable code
51’10 Security insights in IoT devices: https://www.cossacklabs.com/case-studies/iiot-security-a-hive-and-a-queen/
1h01’30 Developers should learn about defense in depth
1h02’10 Conclusion