Securing the JVM
Consider a Java application in a private banking system. A new network administrator is hired, and while going around, he notices that the app is making network calls to an unknown external endpoint. After some investigation, it’s found that this app has been sending confidential data to a competitor (or a state, or hackers, whatever) for years. This is awkward, especially since it could have been avoided. Code reviews are a good way to harden an application, but what if the malicious code was planted on purpose? Some code buried in a commit could extract code from binary content, compile it on the fly, and then execute the code in the same JVM run… By default, the JVM is not secured! Securing the JVM for a non-trivial application is complex and time-consuming, but the risks of not securing it could be disastrous. In this talk, I’ll show some of the things you could do in an unsecured JVM. I’ll also explain the basics of securing it, and finally demo a working process on how to do it.
What will the audience learn from this talk? I'll show what a malicious attacker can do on an unsecured JVM, and then demo what mitigations can do to cope with that.
Does it feature code examples and/or live coding? Sure!
Prerequisite attendee experience level: Level 100