Session + Live Q&A

Securing Java Applications in the Age of Log4Shell

On December 10th 2021, a new critical vulnerability, Log4Shell, was publicly disclosed and made global headlines. It impacted a large number of applications on the internet, allowing attackers to remotely execute code within vulnerable applications worldwide.

In this session, we'll briefly cover what caused the issue, how it can be exploited, and most importantly, how it can be mitigated through upgrades, or defended against in WAF configurations and more. 

The majority of the session will look at how we can be more proactive and defensive in our decisions for future Log4Shell-like scenarios. We'll take a look at where risk is being introduced into our applications and pipelines, and how we can identify and reduce this risk up front, as well as be better prepared to react to these types of incidents in future.


Speaker

Simon Maple

Field CTO @snyksec

Simon Maple is the Field CTO at Snyk, a Java Champion since 2014, JavaOne Rockstar speaker in 2014 and 2017, Duke’s Choice award winner, Virtual JUG founder and organiser, and London Java Community co-leader. He is an experienced speaker, having presented at JavaOne, DevoxxBE, UK, & FR,...


Date

Tuesday Apr 5 / 04:10PM BST (50 minutes)

Location

Mountbatten, 6th flr.

Track

Modern Java

Topics

Java, Security


From the same track

UNCONFERENCE + Live Q&A

Unconference: Modern Java

Tuesday Apr 5 / 02:55PM BST

Details coming soon.

Session + Live Q&A Java

Quarkus and Kubernetes: The Fellowship of Cloud-Native Java

Tuesday Apr 5 / 05:25PM BST

What is the first thought that comes to mind when you see the syntagm "Cloud-Native applications"? Building small, fast, and loosely coupled services… But how and, most importantly, why? In this talk, we'll start by looking at why to create native applications and continue with...

Ana-Maria Mihalceanu

Developer Advocate @RedHat

Session + Live Q&A Java

Staying JDK: Current in Production

Tuesday Apr 5 / 11:50AM BST

At the time of QCon London, Java will have been on a fast release cadence for almost 5 years. This talk addresses the less often mentioned aspect: adopting JDK upgrades. I will discuss different perspectives towards Java upgrades and possible migration paths. How to plan and execute an...

Andrzej Grzesik

Platform @RevolutApp

Session + Live Q&A Java

Panel: Java in a Modern World - Beyond Cloud Native?

Tuesday Apr 5 / 01:40PM BST

New Java is a bit like old Java, but it’s faster, nimbler, changes often, and is designed for the cloud. What does this mean for us? Can we continue developing Java the same old way, or do we need to be adapting? And if so, how? How do we keep pace, while staying secure? What changes should...

Ana-Maria Mihalceanu

Developer Advocate @RedHat

Andrzej Grzesik

Platform @RevolutApp

Ix-chel Ruiz

DA, Senior Software Developer @jFrog

Simon Maple

Field CTO @snyksec

Session + Live Q&A Java

Deterministic, Reproducible, Unsurprising Releases in the Serverless Era

Tuesday Apr 5 / 10:35AM BST

Serverless has many advantages; to reap the benefits from this recent paradigm your application must tackle new challenges. Testing and traceability introduce some new considerations that may take by surprise even the most seasoned Java developer. In this session we will explore...

Ix-chel Ruiz

DA, Senior Software Developer @jFrog
