Security19 Videos

J-Spring Digital: Brian Vermeer – Know thy neighbours: dependency management done right

We all love scaffolders like Spring Boot Initialzr. It creates a brand new app with all the latest versions of the libraries we need to get going, enabling us to build awesome applications quickly. But after creating our initial application who is responsible for the dependency management and what happens over time when new features […]

J-Fall Virtual 2020: Brian Vermeer – Securing Containers by Breaking in

There’s no better way to understand container security than seeing some live hacking! This session introduces the state of docker security by reviewing vulnerabilities in Docker images and their impact on applications and demonstrates via hands-on live hacking. This session further provides the audience with security best practices when building docker container images, and each […]

J-Spring 2018: Simon Maple – Common vulnerabilities you wish your Java app didn’t have!

This session takes some of the most common vulnerabilities found in the Java eco-system, breaks them down and shows how simple code can exploit them. We’ll look at examples in the wild that have been exposed, some more famously than others, before showing you how to guard against these important security issues. Bio Simon: Simon […]

J-Spring 2019: Emond Papegaaij – Oauth2 demystified

Almost every developer will have to face this at some point in his or her career: authorization with OAuth2. It doesn’t matter if you build mobile apps, web applications or even develop for embedded systems in the IoT, everybody seems to use OAuth2 nowadays. But how does this protocol work and what’s up with all […]

J-Spring 2018: Siren Hofvander – Making cookies healthy. Security in a web based world

Our world has grown more complicated since cookies were first baked into web browsers as a way around state-based obstacles and sessions. In the intervening years they have held everything from unsecured administrative credentials to language preferences and even our window scroll location. But while the wild-west years of plaintext credential storage are hopefully over, […]

J-Fall 2018: Maarten Mulders – SSL/TLS for Mortals

Using Transport Layer Security (TLS) the right way is often a big hurdle for developers. We prefer to have that one colleague perform “something with certificates”, because he/she knows how that works. But what if “that one colleague” is enjoying vacation and something goes wrong with the certificates? In this session we’ll take a close […]

J-Fall 2018: Simon Maple – Common vulnerabilities you wish your Java app didn’t have!

This session takes some of the most common vulnerabilities found in the Java eco-system, breaks them down and shows how simple code can exploit them. We’ll look at examples in the wild that have been exposed, some more famously than others, before showing you how to guard against these important security issues. Simon Maple Simon […]

Future Tech 2019: Brenno de Winter – Resilience starts with code. Any attack starts with code

Bad code installed and smart exploits created. As soon as espionage or other APT’s are involved vague terms, lack of understanding and especially fear kick in. Common sense dictates other behavior. In this talk we focus on what we can do, what we should do and especially what you can do. Surviving digital xenophobia begins with replacing […]

TEQnation 2019: Julie Matviyuk – Friendly fire: how security software messes up

Have you ever wondered why, in the era of Deep Learning and hover-boards*, security software can still mess up? Why is it so challenging to distinguish clean files from malware? Here are 10 simple tips to make sure your software won’t be blasted off customers’ machines. *(they don’t really hover) For the past 10 years, […]

J-Fall 2016 Speaker Ruben van Vreeland – How we Hacked LinkedIn and What Happened Next

The greatest web companies are ramping up their security, and for good reason. In this talk we will go into and advanced XSS attack on LinkedIn with demo’s dissecting how it works. A talk from the hacker himself, that ends with practical mitigations and common pitfalls. Finally, we will zoom out and reflect on how […]