Security19 Videos

J-Fall 2018: Simon Maple – Common vulnerabilities you wish your Java app didn’t have!

This session takes some of the most common vulnerabilities found in the Java eco-system, breaks them down and shows how simple code can exploit them. We’ll look at examples in the wild that have been exposed, some more famously than others, before showing you how to guard against these important security issues. Simon Maple Simon […]

Future Tech 2019: Brenno de Winter – Resilience starts with code. Any attack starts with code

Bad code installed and smart exploits created. As soon as espionage or other APT’s are involved vague terms, lack of understanding and especially fear kick in. Common sense dictates other behavior. In this talk we focus on what we can do, what we should do and especially what you can do. Surviving digital xenophobia begins with replacing […]

TEQnation 2019: Julie Matviyuk – Friendly fire: how security software messes up

Have you ever wondered why, in the era of Deep Learning and hover-boards*, security software can still mess up? Why is it so challenging to distinguish clean files from malware? Here are 10 simple tips to make sure your software won’t be blasted off customers’ machines. *(they don’t really hover) For the past 10 years, […]

J-Fall 2016 Speaker Ruben van Vreeland – How we Hacked LinkedIn and What Happened Next

The greatest web companies are ramping up their security, and for good reason. In this talk we will go into and advanced XSS attack on LinkedIn with demo’s dissecting how it works. A talk from the hacker himself, that ends with practical mitigations and common pitfalls. Finally, we will zoom out and reflect on how […]

TEQnation 2019: Seth Vargo – Base64 is not encryption – a better story for Kubernetes Secrets

Secrets are a key pillar of Kubernetes’ security model, used internally (e.g. service accounts) and by users (e.g. API keys), but did you know they are stored in plaintext? That’s right, by default all Kubernetes secrets are base64 encoded and stored as plaintext in etcd. Anyone with access to the etcd cluster has access to […]

J-Fall 2016 Speaker Luuk Buit – Web application security voor developers: tooling en best practices

Heel vervelend: vlak voordat je live gaat wordt er nog een pentest uitgevoerd en op het allerlaatste moment mag jij nog wat security problemen oplossen. Herkenbaar? Het zou veel beter zijn als je tijdens het ontwikkelen al direct veilige software schrijft. Je zit dan nog helemaal in de flow en hoeft er later niet meer […]

TEQnation 2019: Brian Vermeer – Live exploiting your open source dependencies

Today, almost all software heavily relies on the use of third-party dependencies. While open source modules are undoubtedly awesome, they also represent an undeniable and massive risk. You’re introducing someone else’s code into your system, often with little or no scrutiny. Including the wrong package can introduce severe vulnerabilities, exposing your application and your user’s […]

J-Fall 2017 Speaker Rudy de Busscher – Getting started with Java EE Security API

This session starts with a short overview of the concepts which are defined within the new Java EE Security API (JSR-375) Once we all know what we are talking about, some example applications will be shown to illustrate these concepts. They will use a variety of external systems (like a database, LDAP server, Google OAuth2, […]

TEQnation 2019: Erwin de Gier – Building a cloud native Crypto Currency platform with WebFlux

Full title: Building a cloud native Crypto Currency trading platform with Spring WebFlux Using events is a powerful alternative to REST-based communication in microservices. However, it comes with its own challenges: For instance, dealing with eventual consistency, synchronisation of state, and writing code which can handle asynchronous business logic. In this talk we explain how […]

J-Fall 2015 Speaker Gerke Kok – Identity and Access Management in the 21st century

Java EE applicaties zijn vaak afgeschermd. Iedereen heeft wel eens te maken gehad met identificatie van gebruikers. Het is heel verleidelijk om een simpel tabelletje te maken met username en wachtwoord. Maar dan begint het werk pas. Is het wel veilig? En wat als men het wachtwoord vergeten is? Kunnen we niet met Facebook inloggen? […]