Most Active Speaker

Brian Vermeer

Java Champion | Staff Developer Advocate @ Snyk

Breda, The Netherlands

Staff Developer Advocate for Snyk, Java Champion, and Software Engineer with over a decade of hands-on experience in creating and maintaining software. He is passionate about Java, (Pure) Functional Programming and Cybersecurity. Brian is a JUG leader for the Virtual JUG and the NLJUG. He also co-leads the DevSecCon community and is a community manager for Foojay. He is a regular international speaker on mostly Java-related conferences like JavaOne, Devnexus, Devoxx, Jfokus, JavaZone and many more. Besides all that, Brian is a military reserve for the Royal Netherlands Air Force and a Taekwondo Master / Teacher.

Area of Expertise

  • Information & Communications Technology

Dependency Management beyond the initialiser

We all love scaffolds. They create a brand new app with all the latest versions of the libraries we need to get going, enabling us to build awesome applications quickly. But after Spring Initializr creates our initial application, who is responsible for the dependency management, in particular the known vulnerabilities that your application dependencies pull in? The average project is heavily weighted towards third-party open source code. How can we make sure this large proportion of your application gets the attention and testing needed to ensure we deliver and maintain a secure and functional application? In this session, we look at the best practices for building a proper dependency management strategy: how to pick your application dependencies, keep them up to date, and clean out manifest files with tons of dependencies. And maybe even more important, what are the consequences of not being on top of this?

Building a Secure CI/CD Pipeline with GitHub Actions for your Applications

GitHub Actions has revolutionized the way developers build and deploy software. With its seamless integration into GitHub repositories, you can automate your entire CI/CD pipeline, from build and test to deployment. However, securing your pipeline is equally essential as automating it.

Join us for an action-packed workshop where we will show you how to create a secure CI/CD pipeline in GitHub Actions. We will walk you through the process of integrating security scanning and monitoring as part of your pipeline. By the end of this workshop, you will thoroughly understand how to automate security scanning and monitoring in your build cycle before production, ensuring that your software is always secure.

Live hacking your web app: exploiting your open source dependencies

Today, almost all software heavily relies on the use of third-party dependencies. While open source modules are undoubtedly awesome, they also represent an undeniable and massive risk. You’re introducing someone else’s code into your system, often with little or no scrutiny. Including the wrong package can introduce severe vulnerabilities, exposing your application and your users’ data.

We’ll look at examples in the wild that have been exposed, some more famously than others, before showing you how to guard against these important security issues.

Know thy neighbours: dependency management done right

Modern Java development is heavily dependent on third-party libraries. When looking at an average project, the amount of your own code can be as little as 1%. As we care a lot about the code we write, how do we extend that care to the packages we depend on? Let’s look at best practices for building a proper dependency management strategy: how to pick dependencies, update them, and clean out manifest files with tons of dependencies. And maybe even more important, what happens if we are not on top of this?

Java: a journey through time

Java SE 17 LTS has been out for a few months now, so it is fair to assume that most of you have already upgraded to it, right? 😄

A lot has happened since the beginning of time, at least the beginning of time from a Java developer’s point of view.

Java time started in 1996, but as you may know, the time implementation was quite broken at that time. When was it fixed?

The evolution from POJOs to Records, from Casting to Autoboxing, from Objects to Generics, and much more.

I will take you on a journey through time like in a science fiction movie, and when we arrive back in the now (Back to the Future) you will have touched on all the cool features in Java from the very beginning to the latest version.

Hands-on Java Security Workshop: How safe is your application?

Security issues and cybercrime are rising at an alarming rate. As a Java web developer, you should be aware of how important security and securing your clients' data is. In this workshop, you will become the hacker and exploit vulnerabilities in packages that exist in the wild and that might be part of your Java applications today. We will also show you how to protect yourself against these threats by building a pipeline and development workflow with security testing in mind. This practical hands-on session will be fun and leave you with actionable takeaways on how to implement DevSecOps and prepare against the big bad world.

Empowering Developers to Embrace Security

In this talk, I will show you why it is important to empower developers to make secure decisions from the beginning. Good communication and collaboration between security and development teams will improve developer adoption. We need to combine a collaborative culture with the right process and the right tooling to enable developers to build their applications more securely.

Don't Get Burned! Secure Coding Essentials to protect your application

As a developer, you understand the importance of writing code that is functional, scalable, and maintainable. But how about secure code? Even the most seasoned developer can make common security mistakes that leave your code vulnerable to attack. In this session, we'll explore the most common and sometimes unknown security pitfalls made by developers and provide practical tips for avoiding them. We'll cover everything from input validation errors to injection to file overwrites and arbitrary code execution. We'll show real-world examples of insecure code and demonstrate how attackers exploit these vulnerabilities before showing you how to fix these code constructions. By understanding how these mistakes get exploited, you'll be better equipped to write secure, bulletproof code that can withstand attacks. Whether you're a junior developer just starting out or a seasoned pro looking to brush up on your skills, this session is a must-attend for anyone concerned with the security of their applications. Let’s start writing secure code and learn how to avoid security mistakes.

5 Tips to Create Secure Docker Containers for Java Developers

Docker is the most widely used way to containerize your application. With Docker Hub, it is easy to create and pull pre-built images. This is very convenient, as you can use these images from Docker Hub to quickly build an image for your Java application. However, the naive way of creating custom Docker images for your Java applications comes with many security concerns. So, how do we make security an essential part of Docker images for Java?

Deserialization exploits in Java: why should I care?

Hackers refer to deserialization in Java as “the gift that keeps on giving”. But what is actually the problem? In most cases, it is not even your own code that creates this security vulnerability. This problem is also not restricted to Java’s custom serialization framework. When deserializing JSON, XML, or YAML, similar issues can occur as well.

In this talk, I explain how deserialization vulnerabilities work natively in Java and how attack chains are created. Next, I will show that deserializing XML, JSON, and YAML can also get you into trouble. Many different problems can occur when deserializing data and in this session, I will use several demos to illustrate various security issues.

How do you avoid these issues? I will give you some pointers on how to mitigate these problems in your own applications. At the end of this session, you will have an understanding of the problem space and be able to take action in your code to prevent it.

Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.