Security Warning: Your Java Attack Surface Just Got Bigger

Voting no longer possible
Voting enabled when talk has started

Building cloud-native Java applications is undoubtedly awesome.

However, it comes with undeniable new risks. Next to your own code, you are relying on so many other things.

Blindly depending on open-source libraries and Docker images can form a massive risk for your application.

The wrong package can introduce severe vulnerabilities into your application, exposing your application and your user's data.

Join this talk where we’ll show common threats, vulnerabilities, and misconfiguration including the recently disclosed issues in Log4j.

Most importantly, you’ll learn how to protect your application with actionable remediation and best practices.

Brian Vermeer


Sr. Developer Advocate for Snyk, Java Champion, and Software Engineer with over a decade of hands-on experience in creating and maintaining software. He is passionate about Java, (Pure) Functional Programming and Cybersecurity. Brian is a JUG leader for the Virtual JUG and the NLJUG. He also co-leads the DevSecCon community and is a community manager for Foojay. He is a regular international speaker on mostly Java-related conferences like JavaOne, Devnexus, Devoxx, Jfokus, JavaZone and many more. Besides all that, Brian is a military reserve for the Royal Netherlands Air Force and a Taekwondo Master / Teacher.