Hairy Security

FOSDEM 2018

Hairy Security

It's getting dangerous out there, it's all over the news, IT security is simply no longer something one can ignore.

In this session we'll model all the threats to a typical web application powered by a Java back-end. We’ll have fun, state the obvious, debate and debunk a few security myths, because, remember, It’s not a question of 'if' but 'when' you’ll be hacked, at the end of this session, you’ll decide for yourself if it's really time for this Java web app to go live !

It's a fun, pragmatic, very instructive talk we've been doing in the past (well received at Devoxx France for instance)

It's getting dangerous out there, it's all over the news, IT security is simply no longer something one can ignore.

In this session we'll model all the threats to a typical web application powered by a Java back-end. We’ll have fun, state the obvious, debate and debunk a few security myths:

Yes, strong security comes at price, it requires a brain,
No, strong security does not mean crappy user experience,
No, there is no silver bullet, be pragmatic,
Yes, they are many standards and frameworks (saml, oauth, jwt, 2-way-ssl ...) ** we'll showcase a few and debate when to choose what
Yes, SELinux and the Java SecurityManager can be your friends
Yes, Security needs to be baked into all your automation and continuous integration. Secret Management is key

Remember, It’s not a question of 'if' but 'when' you’ll be hacked, at the end of this session, you’ll decide for yourself if it's really time for this Java web app to go live !

It's a fun, pragmatic, very instructive talk we've been doing in the past (well received at Devoxx France for instance)

Speakers: Romain Pelisse Damien Plard