Security: 19 Videos

J-Fall 2016 Speaker Ruben van Vreeland – How we Hacked LinkedIn and What Happened Next

The greatest web companies are ramping up their security, and for good reason. In this talk we will go into an advanced XSS attack on LinkedIn, with demos dissecting how it works. A talk from the hacker himself, that ends with practical mitigations and common pitfalls. Finally, we will zoom out and reflect on how […]

TEQnation 2019: Seth Vargo – Base64 is not encryption – a better story for Kubernetes Secrets

Secrets are a key pillar of Kubernetes’ security model, used internally (e.g. service accounts) and by users (e.g. API keys), but did you know they are stored in plaintext? That’s right, by default all Kubernetes secrets are base64 encoded and stored as plaintext in etcd. Anyone with access to the etcd cluster has access to […]

J-Fall 2016 Speaker Luuk Buit – Web application security for developers: tooling and best practices

Very annoying: just before you go live, a pentest is carried out, and at the very last moment you get to fix a few security problems. Sound familiar? It would be much better if you wrote secure software right away during development. You are then still fully in the flow and will not have to later […]

TEQnation 2019: Brian Vermeer – Live exploiting your open source dependencies

Today, almost all software heavily relies on the use of third-party dependencies. While open source modules are undoubtedly awesome, they also represent an undeniable and massive risk. You’re introducing someone else’s code into your system, often with little or no scrutiny. Including the wrong package can introduce severe vulnerabilities, exposing your application and your user’s […]

J-Fall 2017 Speaker Rudy de Busscher – Getting started with Java EE Security API

This session starts with a short overview of the concepts which are defined within the new Java EE Security API (JSR-375). Once we all know what we are talking about, some example applications will be shown to illustrate these concepts. They will use a variety of external systems (like a database, LDAP server, Google OAuth2, […]

TEQnation 2019: Erwin de Gier – Building a cloud native Crypto Currency platform with WebFlux

Full title: Building a cloud native Crypto Currency trading platform with Spring WebFlux. Using events is a powerful alternative to REST-based communication in microservices. However, it comes with its own challenges: for instance, dealing with eventual consistency, synchronisation of state, and writing code which can handle asynchronous business logic. In this talk we explain how […]

J-Fall 2015 Speaker Gerke Kok – Identity and Access Management in the 21st century

Java EE applications are often shielded. Everyone has had to deal with identifying users at some point. It is very tempting to create a simple little table with username and password. But that is when the work really starts. Is it actually secure? And what if someone has forgotten their password? Can't we log in with Facebook? […]

J-Spring 2019: Adam Bien – Kickass Apps with Boring Tech: Interactive Hacking #Slideless

What happens when you focus on the domain and ignore the technology? In this session I will hack a full stack application from microservice backend to WebStandards frontend without any esoteric frameworks, technologies or libraries. Questions are highly welcome and are going to be answered in real time. Bio Adam Adam Bien: Java (EE), Jakarta […]

FutureTech Preview

Future Tech is the new conference for and by developers and IT professionals who work with Microsoft technologies (C#, .NET Framework and web technologies). Future Tech is the event in the Netherlands for everyone who has a passion for tech! The main goal of Future Tech is to share all the available knowledge, ideas, know-how about […]

J-Spring 2019: Brian Vermeer – Live exploiting your open source dependencies

Today, almost all software heavily relies on the use of third-party dependencies. While open source modules are undoubtedly awesome, they also represent an undeniable and massive risk. You’re introducing someone else’s code into your system, often with little or no scrutiny. Including the wrong package can introduce severe vulnerabilities, exposing your application and your user’s […]