Stranger Danger Live Hack! Your Java Attack Surface Just Got Bigger Building Java applications today means that we take a step further from writing code. We use open-source dependencies, create a Dockerfile to deploy containers to the cloud, and orchestrate this infrastructure with Kubernetes. Welcome, you're a cloud native application developer! As developers, our responsibility broadened, and more software means more software security concerns for us to address. Join me for a hands-on Java and cloud native live-hacking session, to show common threats, vulnerabilities and misconfigurations. Most importantly, we'll also show how you can protect your application with actionable remediation and best practices for each exploit we demonstrate. ·Agenda: * What is DevSecOps? * Live Hack: Application Code * Live Hack: Open Source Dependencies * Open Source Supply Chain Security * Live Hack: Log4Shell * Overview: OWASP Top 10 * Live Hack: selection of OWASP Top 10 Bugs