Speaker Details

Shaun Smith
Oracle Labs

Shaun leads GraalVM product and developer relations at Oracle where he’s developed multiple Java application deployment cloud services and has been active in a number of open source projects including GraalVM and various Eclipse projects including EclipseLink, the Java Persistence API reference implementation. Shaun is an experienced speaker who has presented at Devoxx(es), Jfocus, GIDS, JavaOne, QCon, JAX, EclipseCon, and many other developer conferences and JUGS around the world. You can find him on Twitter @shaunMsmith and Mastodon @shaunmsmith@mastodon.social.

Recent high profile vulnerability exploits have increased the focus on Java security. But application security is more than just keeping up with the latest JDK security fixes and running scanners. You can take active steps to harden your application by reducing the attack surface area of both the application and the operating system (container image) it’s deployed on. In this session we’ll share some practical techniques for harden applications including using Jlink to remove unused modules, GraalVM Native Image to eliminate all unused classes and methods, and minimal container images that strip out all unnecessary packages to provide just enough operating system for an application. We’ll even see how it’s possible to deploy a fully self-contained minimal Java application on a scratch image!