SecAppDev 2019 has ended
Tuesday, February 19 • 09:00 - 10:30
Live Hack - Exploiting and fixing common vulnerabilities in your Java web application

This session shows by example how attackers exploit common vulnerabilities. For each issue, we cover the cause, the impact, and – most importantly – ways to avoid or mitigate the vulnerability.


Abstract
Today, almost all software relies heavily on third-party dependencies. While open source modules are undoubtedly awesome, they also represent an undeniable and massive risk. You’re introducing someone else’s code into your system, often with little or no scrutiny. Including the wrong package can introduce severe vulnerabilities, exposing your application and your users' data.

In this session, we will demonstrate common vulnerabilities in our sample application, Goof. This application uses vulnerable libraries, just like many applications out there. For each issue, we explore why it happened, show its impact, and – most importantly – see how to avoid or fix it. Examples include the infamous Struts vulnerability credited for the Equifax hack, Spring Break, and others.


This session is intended for anyone building (Java) web applications.

Speakers
Brian Vermeer

Developer Advocate, Snyk


Tuesday February 19, 2019 09:00 - 10:30
West wing (room Lemaître)