This course aims to help Java and cloud native application developers understand common threats, vulnerabilities, and misconfigurations in their software. By demonstrating exploits and providing actionable remediation, participants will learn how to protect their applications. The course covers topics such as DevSecOps, open-source dependencies, Docker containers, Kubernetes, Log4j vulnerability, Java serialization issues, and infrastructure as code security concerns. The teaching method includes live-hacking sessions and practical demonstrations. This course is intended for Java developers, cloud native application developers, software engineers, and individuals interested in software security.
Stranger Danger - Your Java Attack Surface Just Got Bigger
Overview
Syllabus
- Stream Start
- Intro
- Understanding DevSecOps
- What are the problems in DevSecOps?
- How bad is the situation?
- Java Demo Application
- Snyk Plugin Alerting to Security Issues in Your Code
- Path Traversal Issue in Code
- Open Source and How Things Can Go Wrong
- Example of Open Source Problems in the Demo App
- What Your App Consists Of
- Open Source Usage Has Exploded
- Understanding Log4j Vulnerability
- Demo of Exploiting Log4j Vulnerability
- Java Serialization Issues
- I am root
- How Confident are Open Source Maintainners in Security
- Who is responsible for security?
- Next Layer of the Modern App Iceberg
- Vulnerabilities per Docker image
- Let's Hack Containers
- I am root again!
- Infrastructure as Code and what security concerns to consider
- What is the solution?
- Snyk Demo
- DevSecOps Recap
- Closing
Taught by
Snyk
