Talk proposal

Nicolas Frankel nicolas.frankel at exoscale.com
Tue Nov 6 09:52:16 CET 2018


Hello everyone,

Here is a talk proposal for FOSDEM:

Title: Securing the JVM, neither for fun nor for profit, but do you really
have a choice?

Abstract:
Consider a Java application in a private banking system. A new network
administrator is hired, and while going around, he notices that the app is
making network calls to an unknown external endpoint. After some
investigation, it’s found that this app has been sending for years
confidential data to a competitor (or a state, or hackers, whatever). This
is awkward. Especially since it could have been avoided.

Code reviews are good to improve the hardening of an application, but what
if the malicious code was planted purposely? Some code buried in a commit
could extract code from binary content, compile it on the fly, and then
execute the code in the same JVM run… By default, the JVM is not secured!
Securing the JVM for a non-trivial application is complex and
time-consuming but the risks of not securing it could be disastrous. In
this talk, I’ll show some of the things you could do in an unsecured JVM.
I’ll also explain the basics of securing it, and finally demo a working
process on how to do it.

Note for the organizers:
The Security Manager is ages old, but interestingly enough, every time I
gave this talk, nearly 95% of the room didn't know about it. Since running
an unsecured JVM is very risky, I believe a lot of people can benefit from
that talk.

Recording:
Acceptable under the license proposed

Bio:
After 15+ years' experience consulting for many different customers, in a
wide range of contexts (such as telecoms, banking, insurance, large retail
and the public sector), recently turned coat to a Developer Advocacy career
path. Usually working on Java/Java EE and Spring technologies, but with
specific interests like Kotlin, Software Quality, Build Processes and Rich
Internet Applications. Currently working for Exoscale. Also doubles as a
teacher in universities and higher education schools and a trainer, and
triples as a book author.

Microblog:
https://twitter.com/nicolas_frankel

Blog:
https://blog.frankel.ch/
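The abstract's scenario of an application quietly phoning an external endpoint, shown as an added example that is not the speaker's code: a constructed "planted" connection attempt runs once in an unsecured JVM and once after a Security Manager is installed with a policy that grants no SocketPermission. The class name, the loopback target and port 9 are constructed for the demo.

```java
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.nio.file.Files;
import java.nio.file.Path;

/** Added demo (hypothetical): egress attempt with and without a Security Manager. */
public class JvmEgressDemo {

    // Constructed policy: only read access to system properties.
    // There is no java.net.SocketPermission entry, so every outbound
    // connect is denied by the Security Manager's checkConnect().
    private static final String POLICY =
            "grant {\n"
          + "    permission java.util.PropertyPermission \"*\", \"read\";\n"
          + "};\n";

    /** Stands in for code hidden in a commit that tries to reach an endpoint. */
    static String phoneHome(String host, int port) {
        try (Socket s = new Socket()) {
            s.connect(new InetSocketAddress(host, port), 1000);
            return "connected";          // data could leave the JVM here
        } catch (SecurityException e) {
            return "denied by Security Manager: " + e.getMessage();
        } catch (IOException e) {
            return "network error: " + e.getMessage(); // allowed, just failed
        }
    }

    /** Installs a Security Manager backed by the restrictive policy above. */
    static void enableSandbox() throws IOException {
        Path policy = Files.createTempFile("jvm-demo", ".policy");
        Files.write(policy, POLICY.getBytes("UTF-8"));
        // A single '=' appends to the JRE's default java.policy, which grants
        // no connect permission either; '==' would replace it entirely.
        System.setProperty("java.security.policy", policy.toUri().toString());
        System.setSecurityManager(new SecurityManager());
    }

    public static void main(String[] args) throws IOException {
        String target = "127.0.0.1";   // constructed target: loopback, port 9
        System.out.println("unsecured JVM: " + phoneHome(target, 9));
        enableSandbox();
        System.out.println("with policy  : " + phoneHome(target, 9));
    }
}
```

The first call is permitted (it either connects or fails with a plain network error), the second is rejected with a SecurityException before any packet is sent. On JDK 17 and later the Security Manager is deprecated for removal and the JVM must be started with `-Djava.security.manager=allow` for `setSecurityManager` to succeed.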