Brian Vermeer
Java Champion | Staff Developer Advocate @ Snyk
Breda, The Netherlands
Brian Vermeer is a Staff Developer Advocate at Snyk and a respected authority in Java and secure software development. He is an internationally recognized Java Champion and Oracle ACE Pro, honored for his outstanding contributions to Java and open source advocacy.
With over 15 years of hands-on software engineering experience, Brian specializes in Java, cybersecurity, and AI. He has authored numerous articles on these topics and has contributed to a wide range of open source projects within the ecosystem.
Brian is an active developer community leader, serving as a JUG leader for both the NLJUG and VirtualJUG, co-leading DevSecCon, and organizing the J-Fall and J-Spring conferences. He is also a frequent speaker at leading international conferences, including JavaOne, Devoxx, and Devnexus.
Beyond his professional work in technology, Brian serves as a reservist in the Royal Netherlands Air Force with the rank of Captain and is a Taekwondo Master and instructor.
Understanding Prompt Injection - Techniques, Challenges, and Advanced Escalation
As developers, we’re embracing AI and large language models (LLMs) in our applications more than ever. However, there’s an increasing concern we need to be aware of: prompt injection. This sneaky attack can undermine our AI systems by manipulating the input to produce unintended outputs.
In this session, we’ll explain prompt injection and examine some common techniques attackers use, such as instruction overrides and hidden prompts. But we won't stop there; we’ll also explore advanced challenges, including escalation techniques that can exacerbate the risks.
Most importantly, we won’t just identify the problem. We’ll dive into practical steps you can take to mitigate these risks and keep your AI interactions secure. Join us to gain insights that will help you stay ahead in AI security and ensure your applications remain robust against these emerging threats.
The Hidden Security Hazards in Your Java Stack
Building Java apps feels smooth. You move fast, code freely, and ship often. But that same vibe coding mindset can open the door to serious security problems. Copying code from the internet or trusting your AI assistant too much can introduce unsafe logic. Adding libraries without checking them and running container images you did not build can silently expose your application to attacks.
In this session, you will see how modern Java stacks become vulnerable through real-world examples and live hacking. From untrusted dependencies to misconfigured containers, we will explore the common traps developers fall into. You will walk away with practical techniques to spot these risks early and keep your code secure in the cloud-native world.
Securing LLM-Powered Applications: Overcoming Security and Privacy Challenges
LLMs accessing the database and intelligent agents that perform online purchases? The possibilities for AI in applications seem endless but so are their security and data privacy risks. In this session, we’ll address common issues such as prompt injection, key leakage, abuse of private customer data for model training, legal restrictions, and more. In addition, we will show that general security issues in your systems can also influence the behavior and outcome of LLMs.
During this session, you’ll get a solid overview of the vulnerabilities to avoid, strategies to ensure data privacy compliance and best practices for building secure LLM-powered applications.
Cracking the Code: AI Hallucinations and Live Hacking
Is your organization ready to transform your coding practices with generative AI tools such as Copilot, ChatGPT, or CodeWhisperer? Do you know how to use these tools to boost your development speed without sacrificing security? Join our session to explore the potential and pitfalls of generative AI in coding.
In this interactive workshop, we will discuss the risks associated with generative AI, including hallucinations and security vulnerabilities. We’ll demonstrate live coding of an application using Copilot and ChatGPT, followed by a live hacking session to expose the weaknesses in the generated code. Watch as we uncover issues like SQL injection, cross-site scripting, and directory traversal in real time.
Join us to discover how to balance speed and security in your projects and learn how to safely use the power of GenAI to enhance your coding efficiency while minimizing risks.
5 Tips to Create Secure Docker Containers for Java Developers
Docker is the most widely used way to containerize your application.
With Docker Hub, it is easy to create and pull pre-created images. This is very convenient as you can use these images from Docker Hub to quickly build an image for your Java application.
However, the naive way of creating custom Docker images for your Java applications comes with many security concerns. So, how do we make security an essential part of Docker images for Java?
Security Warning: Your Java Attack Surface Just Got Bigger
Building cloud-native Java applications is undoubtedly awesome. However, it comes with undeniable new risks. Next to your own code, you are relying on so many other things. Blindly depending on open-source libraries and Docker images can form a massive risk for your application.
The wrong package can introduce severe vulnerabilities into your application, exposing your application and your users' data. Join this hands-on Java cloud-native live-hacking session where we will show common threats, vulnerabilities, and misconfigurations, including the recently disclosed issues in Log4j. Most importantly, you will learn how to protect your application with actionable remediation and best practices.
Live hacking your web app: exploiting your open source dependencies
Today, almost all software relies heavily on third-party dependencies. While open source modules are undoubtedly awesome, they also represent an undeniable and massive risk. You’re introducing someone else’s code into your system, often with little or no scrutiny. Including the wrong package can introduce severe vulnerabilities, exposing your application and your users’ data.
We’ll look at examples in the wild that have been exposed, some more famously than others, before showing you how to guard against these important security issues.
Hands-on Java Security Workshop: How safe is your application?
Security issues and cybercrime are rising at an alarming rate. As a Java web developer, you should be aware of how important security and securing your clients' data is. In this workshop, you will become the hacker and exploit vulnerabilities in packages that exist in the wild that might be part of your Java applications today. We will also show you how to protect yourself against these threats by building up a pipeline and development workflow with security testing in mind. This practical hands-on session will be fun and leave you with actionable takeaways on how to implement DevSecOps and prepare against the big bad world.
Empowering Developers to Embrace Security
In this talk, I will show you why it is important to empower developers to make secure decisions from the beginning. Good communication and collaboration between security and development teams will improve developer adoption. We need to combine a collaborative culture with the right process and the right tooling to enable developers to build their applications more securely.
Don't Get Burned! Secure Coding Essentials to protect your application
As a developer, you understand the importance of writing code that is functional, scalable, and maintainable. But how about secure code? Even the most seasoned developer can make common security mistakes that leave your code vulnerable to attack. In this session, we'll explore the most common and sometimes unknown security pitfalls made by developers and provide practical tips for avoiding them. We'll cover everything from input validation errors to injection to file overwrites and arbitrary code execution. We'll show real-world examples of insecure code and demonstrate how attackers exploit these vulnerabilities before showing you how to fix these code constructions. By understanding how these mistakes get exploited, you'll be better equipped to write secure, bulletproof code that can withstand attacks. Whether you're a junior developer just starting out or a seasoned pro looking to brush up on your skills, this session is a must-attend for anyone concerned with the security of their applications. Let’s start writing secure code and learn how to avoid security mistakes.
Deserialization exploits in Java: why should I care?
Hackers refer to deserialization in Java as “the gift that keeps on giving”. But what is actually the problem? In most cases, it is not even your own code that creates this security vulnerability. This problem is also not restricted to Java’s custom serialization framework. When deserializing JSON, XML, or YAML, similar issues can occur as well.
In this talk, I explain how deserialization vulnerabilities work natively in Java and how attack chains are created. Next, I will show that deserializing XML, JSON, and YAML can also get you into trouble. Many different problems can occur when deserializing data and in this session, I will use several demos to illustrate various security issues.
How do you avoid these issues? I will give you some pointers on how to mitigate these problems in your own applications. At the end of this session, you will have an understanding of the problem space and be able to take action in your code to prevent it.
DevBcn 2025 Sessionize Event
DevSum 2025 Sessionize Event
JCON EUROPE 2025 Sessionize Event
Devnexus 2025 Sessionize Event
Jfokus 2025 Sessionize Event
J-Fall 2024 Sessionize Event
BaselOne 2024 Sessionize Event
Developer Week '24 Sessionize Event
JNation 2024 Sessionize Event
DevSum 2024 Sessionize Event
Devnexus 2024 Sessionize Event
State of Open Con 24 Sessionize Event
J-Fall 2023 Sessionize Event
Porto Tech Hub Conference 2023 Sessionize Event
DevBcn 2023 Sessionize Event
JNation 2023 Sessionize Event
TEQnation 2023 Sessionize Event
Devnexus 2023 Sessionize Event
DevOpsDays Tel Aviv 2022 Sessionize Event
JConf.dev 2022 Sessionize Event
KCDC 2022 Sessionize Event
DevSum 2022 Sessionize Event
TEQnation 2022 Sessionize Event
J-Fall 2021 Sessionize Event
JNation 2021 Sessionize Event