For this Foojay Podcast, we invited security experts to dive into the fascinating world of secure coding and detecting vulnerabilities in your Java applications.
How can you make and keep your systems safe?
That’s what we want to find out…
Steve Poole (Sonatype, @spool167)Brian Vermeer (Snyk, @BrianVerm, @firstname.lastname@example.org) Anastasiia Voitova (Cossack Labs, @vixentael, @email@example.com)
Erik Costlow (Azul, @costlow, @firstname.lastname@example.org)
00’00 Short intro and music00’15 Introduction about the topic of this podcast00’31 Introduction of the guests and host02’40 Foojay article written by Brain about dependencies https://foojay.io/today/best-practices-for-managing-java-dependencies/05’02 XML parsers in Java05’55 “The more the merrier” versus “The less the better”06’30 Foojay article written by Brain about the role of Data Transfer Objects in securityhttps://foojay.io/today/how-to-use-java-dtos-to-stay-secure/09’10 Extending on DTOs: encryption in data provisioning11’10 Database entities versus DTOs and serialization12’25 Developers need to be trained more on security and take responsibility13’50 Don’t design your own security solutionhttps://www.cossacklabs.com/blog/cryptographic-failures-in-rf-encryption/16’58 Cryptograpic dad joke… 17’40 What are CVEs (Common Vulnerabilities and Exposures)20’40 Security in the layers of a Java environment24’50 JAR signing26’40 CWE with the W of Weaknesses and OWASPhttps://owasp.org/www-project-top-ten/https://www.exploit-db.com/29’40 How to evaluate vulnerability scoreshttps://foojay.io/today/java-security-log4j-the-securitymanager-and-funding/31’23 CVEs as Pokemon, “You gotta catch them all” workshop32’20 How to be able to fix vulnerabilities33’57 About the recent critical SSL vulnerability36’02 Libraries are linked (integrated) into a Java projecthttps://github.com/quarkusio/quarkus/issues/1490438’15 Security is an educational thing and understand your tools39’90 Role of the different players in a team46’32 Can the JVM itself be more secure49’44 Make the JVM aware of vulnerable code 51’10 Security insights in IoT deviceshttps://www.cossacklabs.com/case-studies/iiot-security-a-hive-and-a-queen/1h01’30 Developers should learn about defending depth1h02’10 Conclusion
The post Foojay Podcast #7: Security in Java, what do we need to know and how to keep our applications secure? appeared first on foojay.