Secure programming in Java

DevSecCon London 2018 speaker
18 Oct 2018
13:40 - 15:05
ALT/TAB

The root of application security issues facing most organizations today is that their developers are not trained in application security best practices. In addition, even developers who are aware of application security typically lag behind in practical knowledge of how to remediate flaws and vulnerabilities. A 2017 study conducted by DevOps.com found that 76% of developers indicated that the security and secure development education needed for today’s world of coding is missing from formal development curriculums. In fact, developer respondents to a 2014 survey by The Denim Group answered questions about secure coding practices correctly only 42% of the time, compared to 59% for appsec awareness. The same study found that appsec training was strongly correlated with improved developer performance, as the pass rate for developers who consumed more than three days of appsec training more than doubled.

In this workshop we’ll dive into the definition, detection and remediation of injection-type flaws, specifically unsafe reflection and deserialization. We’ll discuss how deserialization caused the Equifax breach, then we will exploit and fix our own unsafe reflection and deserialization flaws on a cloud-hosted virtual machine.
