The Anatomy of Java Vulnerabilities

Explore the world of Java vulnerabilities in this 56-minute Devoxx conference talk. Delve into the reasons behind Java's reputation for security issues, both in client-side plugins and server-side applications. Learn about the reporting, management, and fixing of vulnerabilities, as well as specific attack vectors and their definitions. Discover how to defend your code against the rising tide of cybercrime through practical examples and code demonstrations. Gain insights into topics such as deserialization exploits, cryptography, social engineering, and the tools used by cybercriminals. Understand the importance of addressing security concerns in Java development and acquire strategies to reduce your exposure to potential threats.

Intro
Steves background
Double pals
Floating numbers
Missing error code
Deserialization
Exploit
Vulnerabilities
CVA
Assessment
Assess
Attack vectors
Un untrusted code
Cryptography
Social engineering
How to trust
Why should you care
Drug trade vs cybercrime
Finding a server with a vulnerability
The tools
Its getting worse
What else can you do
Summary