Hairy Security: the many threats to a web application
It's getting dangerous out there, it's all over the news, IT security is simply no longer something one can ignore.
In this session we'll model all the threats to a typical web application powered by a Java back-end. We’ll have fun, state the obvious, debate and debunk a few security myths:
- Yes, strong security comes at a price: it requires a brain,
- No, strong security does not mean crappy user experience,
- No, there is no silver bullet, be pragmatic,
- Yes, there are many standards and frameworks (SAML, OAuth, JWT, two-way SSL ...); we'll showcase a few and debate when to choose what,
- Yes, SELinux and the Java SecurityManager can be your friends
- Yes, security needs to be baked into all your automation and continuous integration. Secret management is key.
Remember, it's not a question of 'if' but 'when' you'll be hacked. At the end of this session, you'll decide for yourself whether it's really time for this Java web app to go live!
Talk Type: Session, 50 min
Tracks: Software Architecture
Information for the organizer – for internal use only:
- One-Sentence Abstract: Hairy Security: the many threats to a Java web app.
It's a fun, pragmatic, very instructive talk we've been doing in the past (well received at Devoxx France, for instance).
- Primary Theme: Security around web apps and HTTP APIs powered by Java
- Supporting Themes: it could fit other tracks as well, like 'DevOps'; up to you guys!