Most Active Speaker

Brian Vermeer

Brian Vermeer

Java Champion | Staff Developer Advocate @ Snyk

Java Champion | Staff Developer Advocate bij Snyk

Breda, The Netherlands

Actions

Staff Developer Advocate for Snyk, Java Champion, and Software Engineer with over a decade of hands-on experience in creating and maintaining software. He is passionate about Java, (Pure) Functional Programming and Cybersecurity. Brian is a JUG leader for the Virtual JUG and the NLJUG. He also co-leads the DevSecCon community and is a community manager for Foojay. He is a regular international speaker on mostly Java-related conferences like JavaOne, Devnexus, Devoxx, Jfokus, JavaZone and many more. Besides all that, Brian is a military reserve for the Royal Netherlands Air Force and a Taekwondo Master / Teacher.

Staff Developer Advocate voor Snyk, Java Champion en Software Engineer met meer dan tien jaar praktische ervaring in het maken en onderhouden van software. Hij is gepassioneerd door Java, (Puur) Functioneel Programmeren en Cybersecurity. Brian is JUG-leider voor de Virtual JUG en de NLJUG. Hij leidt ook de DevSecCon-community en is communitymanager voor Foojay. Hij is een internationale spreker op voornamelijk Java-gerelateerde conferenties zoals JavaOne, Devnexus, Devoxx, Jfokus, JavaZone en nog veel meer. Daarnaast is Brian militair reserve bij de Koninklijke Luchtmacht en Taekwondo Master/Leraar.

Awards

Area of Expertise

  • Information & Communications Technology

Topics

  • Security
  • Application Security
  • cyber security
  • java
  • .NET
  • Kotlin
  • DevOps
  • DevSecOps
  • Software Development

Security Warning: Your Java Attack Surface Just Got Bigger

Building cloud-native Java applications is undoubtedly awesome. However, it comes with undeniable new risks. Next to your own code, you are relying on so many other things. Blindly depending on open-source libraries and Docker images can form a massive risk for your application.
The wrong package can introduce severe vulnerabilities into your application, exposing your application and your user's data. Join this hands-on Java cloud-native live-hacking session where we will show common threats, vulnerabilities, and misconfiguration including the recently disclosed issues in Log4j. Most importantly, you will learn how to protect your application with actionable remediation and best practices.

Live hacking your web app: exploiting your open source dependencies

Today, almost all software heavily relies on the use of third-party dependencies. While open source modules are undoubtedly awesome, they also represent an undeniable and massive risk. You’re introducing someone else’s code into your system, often with little or no scrutiny. Including the wrong package can introduce severe vulnerabilities, exposing your application and your user’s data.

We’ll look at examples in the wild that have been exposed, some more famously than others, before showing you how to guard against these important security issues.

Hands-on Java Security Workshop: How safe is your application?

Security issues and cybercrime are rising to an alarming rate. As a Java web developer, you should be aware of how important security and securing your client's data is. In this workshop, you will become the hacker and exploit vulnerabilities in packages that exist in the wild that might be part of your Java applications today. We will also show you how to protect yourself to these threats by building up a pipeline and development workflow with security testing in mind. This practical hands-on session will be fun and leave you with actionable takeaways on how to implement DevSecOps and prepare against the big bad world.

Empowering Developers to Embrace Security

In this talk, I will show you why it is important to empower developers to make secure decisions from the beginning. Good communication and collaboration between security and development teams will improve developer adoption. We need to combine a collaborative culture with the right process and the right tooling to enable developers to build their applications more securely.

Don't Get Burned! Secure Coding Essentials to protect your application

As a developer, you understand the importance of writing code that is functional, scalable, and maintainable. But how about secure code? Even the most seasoned developer can make common security mistakes that leave your code vulnerable to attack. In this session, we'll explore the most common and sometimes unknown security pitfalls made by developers and provide practical tips for avoiding them. We'll cover everything from input validation errors to injection to file overwrites and arbitrary code execution. We'll show real-world examples of insecure code and demonstrate how attackers exploit these vulnerabilities before showing you how to fix these code constructions. By understanding how these mistakes get exploited, you'll be better equipped to write secure, bulletproof code that can withstand attacks. Whether you're a junior developer just starting out or a seasoned pro looking to brush up on your skills, this session is a must-attend for anyone concerned with the security of their applications. Let’s start writing secure code and learn how to avoid security mistakes.

Deserialization exploits in Java: why should I care?

Hackers refer to deserialization in Java as “the gift that keeps on giving”. But what is actually the problem? In most cases, it is not even your own code that creates this security vulnerability. This problem is also not restricted to Java’s custom serialization framework. When deserializing JSON, XML, or YAML, similar issues can occur as well.

In this talk, I explain how deserialization vulnerabilities work natively in Java and how attack chains are created. Next, I will show that deserializing XML, JSON, and YAML can also get you into trouble. Many different problems can occur when deserializing data and in this session, I will use several demos to illustrate various security issues.

How do you avoid these issues? I will give you some pointers on how to mitigate these problems in your own applications. At the end of this session, you will have an understanding of the problem space and be able to take action in your code to prevent it.

BaselOne 2024 Sessionize Event Upcoming

October 2024 Basel, Switzerland

Developer Week '24 Sessionize Event

July 2024 Nürnberg, Germany

JNation 2024 Sessionize Event

June 2024 Coimbra, Portugal

DevSum 2024 Sessionize Event

May 2024 Stockholm, Sweden

Devnexus 2024 Sessionize Event

April 2024 Atlanta, Georgia, United States

State of Open Con 24 Sessionize Event

February 2024 London, United Kingdom

J-Fall 2023 Sessionize Event

November 2023 Ede, The Netherlands

Porto Tech Hub Conference 2023 Sessionize Event

October 2023 Porto, Portugal

DevBcn 2023 Sessionize Event

July 2023 L'Hospitalet de Llobregat, Spain

JNation 2023 Sessionize Event

June 2023 Coimbra, Portugal

TEQnation 2023 Sessionize Event

May 2023 Utrecht, The Netherlands

Devnexus 2023 Sessionize Event

April 2023 Atlanta, Georgia, United States

DevOpsDays Tel Aviv 2022 Sessionize Event

December 2022 Tel Aviv, Israel

JConf.dev 2022 Sessionize Event

September 2022 Chicago, Illinois, United States

KCDC 2022 Sessionize Event

August 2022 Kansas City, Missouri, United States

DevSum 2022 Sessionize Event

May 2022 Stockholm, Sweden

TEQnation 2022 Sessionize Event

May 2022 Utrecht, The Netherlands

J-Fall 2021 Sessionize Event

November 2021 Ede, The Netherlands

JNation 2021 Sessionize Event

June 2021

Brian Vermeer

Java Champion | Staff Developer Advocate @ Snyk

Breda, The Netherlands

Actions

Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.

Jump to top