Session
Securing Java Applications in the Age of Log4Shell
Due to unforeseen circumstances, the speaker is no longer available for a Q&A. Please post any questions you have in the Announcement Slack channel.
On December 10th 2021, a new critical vulnerability, Log4Shell, was publicly disclosed and made global headlines. It impacted a large number of applications on the internet, allowing attackers to remotely execute code within vulnerable applications worldwide.
In this session, we'll briefly cover what caused the issue, how it can be exploited, and most importantly, how it can be mitigated through upgrades, or defended against in WAF configurations and more.
The majority of the session will look at how we can be more proactive and defensive in our decisions for future Log4Shell-like scenarios. We'll take a look at where risk is being introduced into our applications and pipelines, and how we can identify and reduce this risk up front, as well as be better prepared to react to these types of incidents in future.
Speaker

Simon Maple
Field CTO @snyksec
Simon Maple is the Field CTO at Snyk, a Java Champion since 2014, JavaOne Rockstar speaker in 2014 and 2017, Duke’s Choice award winner, Virtual JUG founder and organiser, and London Java Community co-leader. He is an experienced speaker, having presented at JavaOne, DevoxxBE, UK, & FR,...
From the same track
Deterministic, Reproducible, Unsurprising Releases in the Serverless Era
Wednesday May 11 / 09:00AM EDT
Serverless has many advantages; to reap the benefits from this recent paradigm your application must tackle new challenges. Testing and traceability introduce some new considerations that may take by surprise even the most seasoned Java developer. In this session we will explore...

Ix-chel Ruiz
DA, Senior Software Developer @jFrog
Project Loom: Revolution in Java Concurrency or Obscure Implementation Detail?
Wednesday May 11 / 10:10AM EDT
Loom’s promise: simplify concurrency the way garbage collection simplified memory management. It became transparent and almost forgettable. It's an effort to bring lightweight threads to the JVM. Such threads have low memory and scheduling footprint so that you can create millions of...

Tomasz Nurkiewicz
Java Champion and CTO @DevSkiller
Staying JDK: Current in Production
Wednesday May 11 / 11:20AM EDT
At the time of Qcon London, Java will have been on a fast release cadence for almost 5 years. This talk addresses the less often mentioned aspect: adopting JDK upgrades. I will discuss different perspectives towards Java upgrades and possible migration paths. How to plan and execute an...

Andrzej Grzesik
Platform @RevolutApp