Devoxx UK 2019
from Wednesday 8 May to Friday 10 May 2019.
Simon is the Director of Developer Advocacy at Snyk, a Java Champion since 2014, JavaOne Rockstar speaker in 2014, Duke's Choice award winner in 2016, Virtual JUG founder and organiser, and London Java Community co-leader. He is an experienced speaker, having presented at JavaOne, JavaZone, Jfokus, DevoxxUK, DevoxxFR, JMaghreb and many more, including many JUG tours. His passion is around user groups and communities. When not traveling, Simon enjoys spending quality time with his family, cooking and eating great food.
See also https://snyk.io/blog
Serverless rocks the security boat. Ad-hoc servers we don’t manage rid us of certain security concerns, while the proliferation of cheap microservices raises others. In this talk, we’ll experience these security concerns live. We’ll break into a vulnerable Spring Cloud Function-based application and exploit multiple weaknesses, helping you better understand the mistakes you can make, their implications, and how you can avoid them.
In this session, you will see FIVE security hacks, including a directory traversal, Cross-Site Scripting, Regular Expression Denial of Service, NoSQL injection and type manipulation. If we have time, we'll also show an Apache Struts attack and a Spring Data Rest exploit, both of which can execute remote commands on your servers! Come along if you want to see Simon collapse after blundering through five minutes of typos.