Stranger Danger - Your Java Attack Surface Just Got Bigger

Offered By: Snyk via YouTube

Tags

Threat Intelligence Courses, Java Courses, Kubernetes Courses, DevSecOps Courses, Software Security Courses, Cloud-Native Applications Courses

Course Description

Overview

Dive into a comprehensive live-hacking session focused on Java and cloud-native application security. Explore common threats, vulnerabilities, and misconfigurations in modern software development, from open-source dependencies to containerization and infrastructure as code. Learn about critical issues like path traversal, the Log4j vulnerability, and Docker image security. Discover actionable remediation strategies and best practices to protect your applications throughout the DevSecOps lifecycle. Gain insights into the expanding attack surface of Java applications and understand the shared responsibility of security in today's software-driven world.

Syllabus

- Stream Start
- Intro
- Understanding DevSecOps
- What are the problems in DevSecOps?
- How bad is the situation?
- Java Demo Application
- Snyk Plugin Alerting to Security Issues in Your Code
- Path Traversal Issue in Code
- Open Source and How Things Can Go Wrong
- Example of Open Source Problems in the Demo App
- What Your App Consists Of
- Open Source Usage Has Exploded
- Understanding Log4j Vulnerability
- Demo of Exploiting Log4j Vulnerability
- Java Serialization Issues
- I am root
- How Confident are Open Source Maintainers in Security
- Who is responsible for security?
- Next Layer of the Modern App Iceberg
- Vulnerabilities per Docker image
- Let's Hack Containers
- I am root again!
- Infrastructure as Code and what security concerns to consider
- What is the solution?
- Snyk Demo
- DevSecOps Recap
- Closing


Taught by

Snyk
