By milton smith-Oracle on Apr 07, 2014
JavaOne 2014 is Oracle's flagship software developers conference event for Java. Security has been a focus at the conference for many years but last year Oracle brought security to the forefront by including it as a track. If you have ideals for interesting Java security sessions we would be delighted to review them. The JavaOne CFP is open until April 14, 2014.
Back to the security track, each year the tracks highlight their early acceptance sessions to build momentum for the conference. This year I would like to highlight the following early acceptance sessions for the security track and show a little of what we are planning.
CON2120 Anatomy of Another Java Zero-Day Exploit
Presenter: David Svoboda, Software Security Engineer, Carnegie Mellon
Abstract: Java was recently hit by several major exploits. These exploits were written in pure Java and relied on several obscure components of the Java library. Understanding how exploits undermine Java security is a fundamental step in understanding and improving Java security and producing secure Java code. Consequently, this session demonstrates and examines a public exploit. It dissects the code of the exploit and illustrates how the exploit managed to attack an unpatched Java Virtual Machine, focusing on the techniques the exploit used, with references to relevant guidelines from the CERT Oracle Secure Coding Standard for Java. The session concludes with an explanation of how Java was patched to defeat the exploit.
CON1713 Leveraging Open Source for Secure Java Website Construction
Presenter: Jim Manico, Secure Coding Instructor, Manicode Security (JavaOne Rock Star)
Abstract: The need to master the skills required to build secure Java web and webservice applications gets stronger every day. There is help for you in the world of opens source! Do not build your own web application security controls from scratch! This presentation describes the use of several Oracle, OWASP, Apache and Google open source Java projects that are essential tools for constructing a secure web application.
In addition to community speakers, we will have Oracle experts from the Java security team to discuss new security features and improvements like the recent release of Java SE 8. See you at JavaOne!