What is this event about?
Presentation #1:
Supply Chain Sec for Developers by Sven Ruppert (JFrog)
Attacks on the open-source value chain (OS supply chain) are becoming more sophisticated, and we, as software developers, are becoming the focus of these attacks. So what are the essential first steps, and what should you focus on in the beginning? This, of course, raises the question of suitable methods and tools. At the same time, the company's strategic orientation must be included in this security strategy.
In the recent past, we have also learned that attacks such as the "SolarWinds hack" are increasingly targeting individual infrastructure elements of software development, such as the classic CI/CD pipeline.
We deal with the following questions:
-- What potential threats are there in general?
-- What are classic attack points in software development from the source code to binary?
-- What free tools are there, and where should they be used?
-- How can I arm myself against the challenges of cyber attacks today?
Presentation #2:
Log4Shell: A secure development perspective by Sebastian Olsson (Truesec)
The critical vulnerability known as Log4Shell shook much of the security world in December 2021. It also affected countless Java development teams depending on the ubiquitous Log4j library. Much has been written about exploit patterns and protections, but what was the vulnerability really? And how can we avoid similar issues in our applications?
In this talk we look at the anatomy of the vulnerability, how the patches work and how secure coding patterns reduce such risks. We do this by walking through the main developments and confusions as things unfolded.
Speakers' bios:
Sven Ruppert (JFrog)
Sven Ruppert has been coding Java since 1996 in industrial projects and works as Developer Advocate for JFrog and as Groundbreaker Ambassador (former Oracle Developer Champion). He regularly speaks at conferences worldwide and contributes to IT periodicals as well as tech portals. He worked for over 15 years as a consultant worldwide in industries like Automotive, Space, Insurance, Banking, UN and WorldBank. In addition to his main topic, DevSecOps, he works on Mutation Testing of Web apps and Distributed UnitTesting, besides his evergreen topics Core Java and Kotlin.
Sebastian Olsson (Truesec)
Sebastian is technical lead of the application security/secure development team at Truesec. He enjoys projects where security is a core requirement, especially if it includes working on cryptography, secure communications, identities and distributed systems. His work often includes analyzing the security of software architecture and development life cycles as well as auditing security-critical code.