Security19 Videos

J-Spring Digital: Brian Vermeer – Know thy neighbours: dependency management done right

We all love scaffolders like Spring Boot Initialzr. It creates a brand new app with all the latest versions of the libraries we need to get going, enabling us to build awesome applications quickly. But after creating our initial application who is responsible for the dependency management and what happens over time when new features […]

J-Fall Virtual 2020: Brian Vermeer – Securing Containers by Breaking in

There’s no better way to understand container security than seeing some live hacking! This session introduces the state of docker security by reviewing vulnerabilities in Docker images and their impact on applications and demonstrates via hands-on live hacking. This session further provides the audience with security best practices when building docker container images, and each […]

J-Fall 2018: Simon Maple – Common vulnerabilities you wish your Java app didn’t have!

This session takes some of the most common vulnerabilities found in the Java eco-system, breaks them down and shows how simple code can exploit them. We’ll look at examples in the wild that have been exposed, some more famously than others, before showing you how to guard against these important security issues. Simon Maple Simon […]

Future Tech 2019: Brenno de Winter – Resilience starts with code. Any attack starts with code

Bad code installed and smart exploits created. As soon as espionage or other APT’s are involved vague terms, lack of understanding and especially fear kick in. Common sense dictates other behavior. In this talk we focus on what we can do, what we should do and especially what you can do. Surviving digital xenophobia begins with replacing […]

TEQnation 2019: Julie Matviyuk – Friendly fire: how security software messes up

Have you ever wondered why, in the era of Deep Learning and hover-boards*, security software can still mess up? Why is it so challenging to distinguish clean files from malware? Here are 10 simple tips to make sure your software won’t be blasted off customers’ machines. *(they don’t really hover) For the past 10 years, […]

J-Fall 2016 Speaker Ruben van Vreeland – How we Hacked LinkedIn and What Happened Next

The greatest web companies are ramping up their security, and for good reason. In this talk we will go into and advanced XSS attack on LinkedIn with demo’s dissecting how it works. A talk from the hacker himself, that ends with practical mitigations and common pitfalls. Finally, we will zoom out and reflect on how […]

TEQnation 2019: Seth Vargo – Base64 is not encryption – a better story for Kubernetes Secrets

Secrets are a key pillar of Kubernetes’ security model, used internally (e.g. service accounts) and by users (e.g. API keys), but did you know they are stored in plaintext? That’s right, by default all Kubernetes secrets are base64 encoded and stored as plaintext in etcd. Anyone with access to the etcd cluster has access to […]

J-Fall 2016 Speaker Luuk Buit – Web application security voor developers: tooling en best practices

Heel vervelend: vlak voordat je live gaat wordt er nog een pentest uitgevoerd en op het allerlaatste moment mag jij nog wat security problemen oplossen. Herkenbaar? Het zou veel beter zijn als je tijdens het ontwikkelen al direct veilige software schrijft. Je zit dan nog helemaal in de flow en hoeft er later niet meer […]

TEQnation 2019: Brian Vermeer – Live exploiting your open source dependencies

Today, almost all software heavily relies on the use of third-party dependencies. While open source modules are undoubtedly awesome, they also represent an undeniable and massive risk. You’re introducing someone else’s code into your system, often with little or no scrutiny. Including the wrong package can introduce severe vulnerabilities, exposing your application and your user’s […]

J-Fall 2017 Speaker Rudy de Busscher – Getting started with Java EE Security API

This session starts with a short overview of the concepts which are defined within the new Java EE Security API (JSR-375) Once we all know what we are talking about, some example applications will be shown to illustrate these concepts. They will use a variety of external systems (like a database, LDAP server, Google OAuth2, […]