On Tuesday June 18th it’s all about securing your Java code in a DevOps world. We all know that security is important, since we don't want our application to be in the news because of a hack. We will live code and protect a Spring Boot application and configure/prepare our build and CI/CD environment to check for security vulnerabilities.
18:30 Doors open + Burgers
19:00 Hinse ter Schuur
20:15 Marten Deinum
21:15 End + drinks
Talk 1: Practical Security in a DevOps world
In today's fast-changing world, we do not release once a year but twice a day. With a traditional security team that needs to check each release, this will be a problem.
We all know that security is important, since we don't want our application to be in the news because of a hack. A security department which acts as a tollgate can help in keeping applications secure, but conflicts with the flexibility we would like to have.
This talk will provide you with some key takeaways on how you as a developer can release fast and often and still be secure.
Hinse ter Schuur
Hinse is an experienced Scala and Java software at SDB Java. He is passionate about the right abstractions, clean code and cyber security and he loves to share his experience with others in order to learn together.
Talk 2: Abstract
Security in an application is often implemented as an afterthought and is generally only focussed on implementing security rules for controlling access. However, when developing an application, or rather a system, there are more things to take into consideration regarding security. To mention a few:
- Possible attack vectors for the application (CSRF attacks or XSS attacks)
- Security vulnerabilities in the platform and frameworks used
- Security vulnerabilities in the container produced by the build
- Certificates, TLS and used ciphers
In this session we will take a look at how we can use the build and continuous integration environment to create a secure development environment and automatically detect security flaws in our system. We will live code and protect a Spring Boot application and configure/prepare our build and CI/CD environment to check for security vulnerabilities.
Marten is a Java / Spring Consultant at Conspect. He has been working with Java for over 20 years. He has been a Spring fan, user and advocate since he read "J2EE Design and Development" in 2003. As an author he has written several books on Spring and Spring Boot. When not developing software or writing books he can be found around water either teaching Lifesaving or SCUBA diving.