Stranger Danger: Your Java Attack Surface Just Got Bigger
Brian Vermeer | @BrianVerm
JBCNConf 2022
DevSecOps

Brian Vermeer
Sr. Developer Advocate
DevSecCon co-leader
NLJUG leader
Virtual JUG leader
Java Champion
Foojay Community Manager
Security
What are the problems?
● Lack of security focus throughout the app lifecycle
● Software delivery sped up with little thought to security
● Silo-ed security expertise
● Customer data could be compromised

How bad is the situation?
The modern application: A New Risk Profile
● 80-90% of codebase is Open Source
● 80% of vulnerabilities found in indirect dependencies
● 100s of Linux packages inherited from public sources
● Built, deployed & scaled in seconds
● #1 cloud vulnerability is misconfiguration [NSA]
● Network access, storage, servers - deployed as fast as code
● 10-20% of code is custom - and digital transformation increases pressure to deliver more and faster.
Code | Open Source | Containers | Infrastructure as Code
/hello?user=<script>alert(1)</script>
<script>alert(1)</script>

<b onmouseover=alert('Woof!')>click me!</b>

<img src="http://url.to.file.which/not.exist" onerror=alert(document.cookie);>

<IMG SRC=j&#X41vascript:alert('test2')>
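As an added example (not code from the talk or from Snyk): the reflected XSS pattern behind the /hello?user=<script>alert(1)</script> demo above, reduced to a framework-free Java method, beside the hardened version that HTML-escapes the parameter before it lands in the page. Class and method names are my own; the inputs in main are constructed.

```java
// Added example (not from the talk): the reflected-XSS pattern behind
// /hello?user=<script>alert(1)</script>, with its hardened counterpart.
// Framework-free: a plain method stands in for the request handler.
import java.util.List;

public class HelloXssDemo {

    // VULNERABLE: the query parameter is concatenated straight into HTML,
    // so any markup the user supplies is rendered and executed by the browser.
    static String renderGreetingUnsafe(String user) {
        return "<html><body><h1>Hello " + user + "</h1></body></html>";
    }

    // HARDENED: the untrusted value is encoded for the HTML text context
    // before it is placed in the page, so "<script>" arrives as text, not markup.
    static String renderGreetingSafe(String user) {
        return "<html><body><h1>Hello " + escapeHtml(user) + "</h1></body></html>";
    }

    // Minimal HTML-text-context encoder covering the characters that can break
    // out of text or a quoted attribute. Spring's HtmlUtils.htmlEscape or the
    // OWASP Java Encoder do the same job; it is inlined here to stay dependency-free.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '&':  out.append("&amp;");  break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#x27;"); break;
                case '/':  out.append("&#x2F;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed inputs: a benign name and the payload shown on the slide.
        List<String> inputs = List.of("Brian", "<script>alert(1)</script>");
        for (String user : inputs) {
            System.out.println("unsafe: " + renderGreetingUnsafe(user));
            System.out.println("safe:   " + renderGreetingSafe(user));
        }
    }
}
```

Output encoding is context-specific: this encoder is right for HTML text and quoted attributes, but a value placed inside a JavaScript block or a URL needs the encoder for that context. A Content-Security-Policy that disallows inline scripts is the usual second layer, since it limits what a missed encoding can do.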
2.0B cost so far
76d until discovered
140M US consumers affected
Your app

Your code: 222 Lines of Code, 5 Direct dependencies
54 dependencies (incl. indirect): 460,046 Lines of Code
(Spring Serverless Example)
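The slide's point is that most of the code you ship is in dependencies you never wrote, so you need an inventory of what is actually on the classpath. As an added example (not code from the talk or from Snyk), the following Java program walks a directory of jars, reads each manifest's Implementation-Version, and reports which jars bundle log4j-core's JndiLookup class, the component behind the Log4Shell lookup the talk demonstrates later. Class names, the fixture jars it writes into a temp directory, and their version strings are constructed for the demo; pass a real lib/ directory as the first argument to scan your own application.

```java
// Added example (not from the talk): inventory every jar under a directory and
// report version plus whether it still ships the JndiLookup class.
// With no arguments it builds two constructed fixture jars in a temp dir.
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.List;
import java.util.jar.Attributes;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;
import java.util.jar.JarOutputStream;
import java.util.jar.Manifest;
import java.util.stream.Stream;

public class JarInventory {

    // Entry name of the lookup class that resolves ${jndi:...} in log4j-core.
    static final String JNDI_LOOKUP_CLASS =
        "org/apache/logging/log4j/core/lookup/JndiLookup.class";

    // One finding per jar: path, manifest version (null if absent), class present?
    record Finding(Path jar, String version, boolean hasJndiLookup) {}

    static Finding inspect(Path jar) throws IOException {
        try (JarFile jf = new JarFile(jar.toFile())) {
            Manifest mf = jf.getManifest();
            String version = mf == null ? null
                : mf.getMainAttributes().getValue(Attributes.Name.IMPLEMENTATION_VERSION);
            boolean present = jf.getJarEntry(JNDI_LOOKUP_CLASS) != null;
            return new Finding(jar, version, present);
        }
    }

    // Walk a tree (a lib/ folder, an exploded WAR, an extracted container layer)
    // and inspect every *.jar it contains.
    static List<Finding> scan(Path root) throws IOException {
        List<Finding> out = new ArrayList<>();
        try (Stream<Path> paths = Files.walk(root)) {
            for (Path p : paths.filter(x -> x.toString().endsWith(".jar")).toList()) {
                out.add(inspect(p));
            }
        }
        return out;
    }

    // Constructed fixture: a jar with the given version and, optionally, an empty
    // entry standing in for JndiLookup.class (the scan only checks presence).
    static Path writeJar(Path dir, String name, String version, boolean withJndiLookup)
            throws IOException {
        Manifest mf = new Manifest();
        mf.getMainAttributes().put(Attributes.Name.MANIFEST_VERSION, "1.0");
        mf.getMainAttributes().put(Attributes.Name.IMPLEMENTATION_VERSION, version);
        Path jar = dir.resolve(name);
        try (JarOutputStream jos = new JarOutputStream(Files.newOutputStream(jar), mf)) {
            if (withJndiLookup) {
                jos.putNextEntry(new JarEntry(JNDI_LOOKUP_CLASS));
                jos.closeEntry();
            }
        }
        return jar;
    }

    public static void main(String[] args) throws IOException {
        Path root = args.length > 0 ? Path.of(args[0]) : Files.createTempDirectory("jarscan");
        if (args.length == 0) {
            // Constructed fixtures: a pre-fix log4j-core and an unrelated library.
            writeJar(root, "log4j-core-2.14.1.jar", "2.14.1", true);
            writeJar(root, "commons-lang3-3.12.0.jar", "3.12.0", false);
        }
        for (Finding f : scan(root)) {
            System.out.printf("%-28s version=%-8s JndiLookup=%s%n",
                f.jar().getFileName(), f.version(), f.hasJndiLookup() ? "PRESENT" : "absent");
        }
    }
}
```

A presence check on the class is deliberately independent of the version string, because shaded or repackaged jars often carry no usable manifest version; a dependency scanner such as the tools named later in the talk does the same inventory across the whole transitive tree and keeps it current as new advisories land.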
Open Source Usage Has Exploded

Attackers Are Targeting Open Source
One vulnerability, many victims

New packages created by ecosystem per year

Vulnerabilities identified in ecosystems

Vulnerabilities in direct versus indirect dependencies

Log4Shell in numbers:
17K Java packages impacted
57% of projects have Log4j as transitive dependency
800K attempted attacks in 72h

Log4J: JNDI & LDAP
The ObjectFactory used in the talk's demo (imports added; it launches Calculator on macOS):

    import java.util.Hashtable;
    import javax.naming.Context;
    import javax.naming.Name;
    import javax.naming.spi.ObjectFactory;

    public class Evil implements ObjectFactory {
        @Override
        public Object getObjectInstance(Object obj, Name name, Context nameCtx,
                                        Hashtable<?, ?> environment) throws Exception {
            // Runs inside the victim JVM when the JNDI reference is resolved
            String[] cmd = {
                "/bin/sh",
                "-c",
                "open -a Calculator"
            };
            Runtime.getRuntime().exec(cmd);
            return null;
        }
    }

https://snyk.io/blog/log4j-rce-log4shell-vulnerability-cve-2021-44228/
OS maintainers are confident in their own security knowledge

Who should be responsible for security?
Vulnerabilities per Docker image

When do you scan your Docker image for OS vulns?

How do you find out about new vulns in your deployed containers?

Let’s HACK!
What is the Solution?

Culture: what do people care about, and how should they collaborate?
Process: the best way to adopt a new practice is to integrate it into existing processes.
Tooling: pick the tooling that fits your process; automate away manual steps.

Snyk Code
Snyk Open Source
Snyk Container
Snyk Infrastructure as Code

DevSecOps: Continuous Security, Integrated throughout DevOps
Pipeline stages, left to right: Code [Test & fix] -> submit -> Git repository [Test, fix, monitor] -> build -> CI/CD [Test, fix, monitor] -> deploy -> Registry -> Production (Traditional/PaaS, Serverless, Kubernetes) [Monitor & more...]

“Shift left” is not enough
Empowering developers to build applications securely within the entire development process
Empower developers
Enable security teams

Thank you
Develop fast. Stay secure.
