Brian Vermeer
Java Champion | Staff Developer Advocate @ Snyk
Java Champion | Staff Developer Advocate bij Snyk
Breda, The Netherlands
Actions
Staff Developer Advocate for Snyk, Java Champion, Oracle Ace Pro, and Software Engineer with over a decade of hands-on experience in creating and maintaining software. He is passionate about Java, (Pure) Functional Programming and Cybersecurity. Brian is a JUG leader for the Virtual JUG and the NLJUG. He also co-leads the DevSecCon community and is a community manager for Foojay. He is a regular international speaker on mostly Java-related conferences like JavaOne, Devnexus, Devoxx, Jfokus, JavaZone and many more. Besides all that, Brian is a military reserve for the Royal Netherlands Air Force and a Taekwondo Master / Teacher.
Staff Developer Advocate voor Snyk, Java Champion, Oracle Ace Pro en Software Engineer met meer dan tien jaar praktische ervaring in het maken en onderhouden van software. Hij is gepassioneerd door Java, (Puur) Functioneel Programmeren en Cybersecurity. Brian is JUG-leider voor de Virtual JUG en de NLJUG. Hij leidt ook de DevSecCon-community en is communitymanager voor Foojay. Hij is een internationale spreker op voornamelijk Java-gerelateerde conferenties zoals JavaOne, Devnexus, Devoxx, Jfokus, JavaZone en nog veel meer. Daarnaast is Brian militair reserve bij de Koninklijke Luchtmacht en Taekwondo Master/Leraar.
Links
Area of Expertise
Topics
Security Warning: Your Java Attack Surface Just Got Bigger
Building cloud-native Java applications is undoubtedly awesome. However, it comes with undeniable new risks. Next to your own code, you are relying on so many other things. Blindly depending on open-source libraries and Docker images can form a massive risk for your application.
The wrong package can introduce severe vulnerabilities into your application, exposing your application and your user's data. Join this hands-on Java cloud-native live-hacking session where we will show common threats, vulnerabilities, and misconfiguration including the recently disclosed issues in Log4j. Most importantly, you will learn how to protect your application with actionable remediation and best practices.
Live hacking your web app: exploiting your open source dependencies
Today, almost all software heavily relies on the use of third-party dependencies. While open source modules are undoubtedly awesome, they also represent an undeniable and massive risk. You’re introducing someone else’s code into your system, often with little or no scrutiny. Including the wrong package can introduce severe vulnerabilities, exposing your application and your user’s data.
We’ll look at examples in the wild that have been exposed, some more famously than others, before showing you how to guard against these important security issues.
Hands-on Java Security Workshop: How safe is your application?
Security issues and cybercrime are rising to an alarming rate. As a Java web developer, you should be aware of how important security and securing your client's data is. In this workshop, you will become the hacker and exploit vulnerabilities in packages that exist in the wild that might be part of your Java applications today. We will also show you how to protect yourself to these threats by building up a pipeline and development workflow with security testing in mind. This practical hands-on session will be fun and leave you with actionable takeaways on how to implement DevSecOps and prepare against the big bad world.
Empowering Developers to Embrace Security
In this talk, I will show you why it is important to empower developers to make secure decisions from the beginning. Good communication and collaboration between security and development teams will improve developer adoption. We need to combine a collaborative culture with the right process and the right tooling to enable developers to build their applications more securely.
Don't Get Burned! Secure Coding Essentials to protect your application
As a developer, you understand the importance of writing code that is functional, scalable, and maintainable. But how about secure code? Even the most seasoned developer can make common security mistakes that leave your code vulnerable to attack. In this session, we'll explore the most common and sometimes unknown security pitfalls made by developers and provide practical tips for avoiding them. We'll cover everything from input validation errors to injection to file overwrites and arbitrary code execution. We'll show real-world examples of insecure code and demonstrate how attackers exploit these vulnerabilities before showing you how to fix these code constructions. By understanding how these mistakes get exploited, you'll be better equipped to write secure, bulletproof code that can withstand attacks. Whether you're a junior developer just starting out or a seasoned pro looking to brush up on your skills, this session is a must-attend for anyone concerned with the security of their applications. Let’s start writing secure code and learn how to avoid security mistakes.
Deserialization exploits in Java: why should I care?
Hackers refer to deserialization in Java as “the gift that keeps on giving”. But what is actually the problem? In most cases, it is not even your own code that creates this security vulnerability. This problem is also not restricted to Java’s custom serialization framework. When deserializing JSON, XML, or YAML, similar issues can occur as well.
In this talk, I explain how deserialization vulnerabilities work natively in Java and how attack chains are created. Next, I will show that deserializing XML, JSON, and YAML can also get you into trouble. Many different problems can occur when deserializing data and in this session, I will use several demos to illustrate various security issues.
How do you avoid these issues? I will give you some pointers on how to mitigate these problems in your own applications. At the end of this session, you will have an understanding of the problem space and be able to take action in your code to prevent it.
BaselOne 2024 Sessionize Event
Developer Week '24 Sessionize Event
JNation 2024 Sessionize Event
DevSum 2024 Sessionize Event
Devnexus 2024 Sessionize Event
State of Open Con 24 Sessionize Event
J-Fall 2023 Sessionize Event
Porto Tech Hub Conference 2023 Sessionize Event
DevBcn 2023 Sessionize Event
JNation 2023 Sessionize Event
TEQnation 2023 Sessionize Event
Devnexus 2023 Sessionize Event
DevOpsDays Tel Aviv 2022 Sessionize Event
JConf.dev 2022 Sessionize Event
KCDC 2022 Sessionize Event
DevSum 2022 Sessionize Event
TEQnation 2022 Sessionize Event
J-Fall 2021 Sessionize Event
JNation 2021 Sessionize Event
Brian Vermeer
Java Champion | Staff Developer Advocate @ Snyk
Breda, The Netherlands
Links
Actions
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.
Jump to top