Access Keys:
Skip to content (Access Key - 0)

Devoxx UK 2013

March 26 - 27, London

Devoxx France 2013

March 27 - 29, Paris
SOLD OUT!

Devoxx Belgium 2013

November 11 - 15, Antwerp

- Animations+ Animations

Security Testing Android with Mercury Conf Day 3 Service Versioning in SOA and Cloud

Security vulnerabilities in Java SE

This talk will present the results of our security research project which has lead to the discovery of 50 security vulnerabilities in Java implementations coming from Oracle, IBM and Apple. The primary goal of the talk is to twist your mind and show you how challenging and tricky Java security can be.

During the talk, certain key details pertaining to Java VM security model and its operation will be presented. This will be followed by a detailed discussion of certain problems related to Java SE security.

The talk will disclose the methodology taken and technical information of several sample (most interesting) vulnerabilities found during our research. This will include information about the critical issue found recently and affecting all Java SE versions 5, 6 and 7 provided that the weakness will be fixed by the time of a conference.

Along with that, the talk will disclose several previously unpublished exploitation techniques allowing for a complete Java VM security sandbox escape.

Speaker

Related Presentations

10 Months of MongoDB at Nokia Entertainment Bristol
A Decade of Shipwrecks The Past, Present, and Future of Builds
Adopt OpenJDK and Adopt a JSR
An analysis of CVE-2012-2122, MySQL authentication
Application within Minutes
Architecture All the Way Down
ArduPilot an Introduction to UAVs
Building application components with monitoring in mind
Custom controls...nothing is impossible
Defensible Development with Secure HTTP Headers
Showing first 10 of 44 results

Search by Tag

Below are the 177 labels used in Devoxx 2012 listed alphabetically. Click on a label to see its associated content.
A
actors, agile, ajax, akka, alm, analysis, android, animations, annotations, apache, appcache, apple, arduino, arquillian, asynchronous, atdd, atlassian
B
bejug, big, bof
C
cache, caching, cdi, ceylon, children, chrome, clojure, closures, cloud, cloudfoundry, clusters, collaboration, collections, conference, css3
D-F
dart, data, datadirect, design, devops, devoxx, domotics, duchess, eclipse, eclipselink, ejb3, excel, facebook, functionalprogramming
G
glassfish, google, grails, graphics, greenfoot, groovy, gtiazdbpwgco, guice, gwt
H
hadoop, hands-onlabs, hateoas, hbpomnhkf, hibernate, html, html5, http, hudson, hypermedia, hzihuduljqejelq
I
ibm, indexeddb, infinispan, ios, iphone, irxqvjdgvntzpkeef
J
j2me, java7, java8, javaee, javaee6, javaee7, javafx, javame, javaposse, javascript, javase, jax-rs, jboss, jcp, jdk, jdk8, jersey, jigsaw, jms, jmx, jpa, jpa2, jruby, json, jsr, jug, junit, jvm
K-M
lambda, lombok, mapreduce, maven, methodology, mobile, modules, mongodb, multicore, mylyn, mysql
N-O
nao, news, nfc, no-sidebar, nodejs, nosql, oauth, openjdk, openshift, orm, osgi, otgftluul
P-Q
paas, parleys, patterns, performance, phonegap, play, playframework, podcast, polyglot, puzzlers, quickie
R
raspberrypi, redis, rest, ria, robotics, rzxsgheseucnp
S
salesforce, scala, scalable, scrum, sdk, search, security, servlet, sgxaniowwxebaxn, soa, social, speakers, spock, spring, sql
T-V
tdd, technology, testing, tfgglcmqjabadme, tools, toolsinaction, torquebox, twitter, university, vaadin, visualvm
W-Z
web, web20, webgl, websockets, websphere, websql, weld, women
Adaptavist Theme Builder Powered by Atlassian Confluence