Description:

Stranger Danger Live Hack! Your Java Attack Surface Just Got Bigger

Building Java applications today means that we take a step further from writing code. We use open-source dependencies, create a Dockerfile to deploy containers to the cloud, and orchestrate this infrastructure with Kubernetes. Welcome, you're a cloud native application developer! As developers, our responsibility broadened, and more software means more software security concerns for us to address.

Join me for a hands-on Java and cloud native live-hacking session, to show common threats, vulnerabilities and misconfigurations. Most importantly, we'll also show how you can protect your application with actionable remediation and best practices for each exploit we demonstrate.

·Agenda:

• What is DevSecOps?
• Live Hack: Application Code
• Live Hack: Open Source Dependencies
• Open Source Supply Chain Security
• Live Hack: Log4Shell
• Overview: OWASP Top 10
• Live Hack: selection of OWASP Top 10 Bugs

One of the biggest changes to the tech ecosystem as a whole in the past year was AI-driven programming tools.Even though you should not put down the keyboard and head home, you probably should get familiar with how the Software Development and DevOps fields are going to evolve.

Has your company ever decided to hire an agency to develop an app? And how did the agency handle SRE? Let me invite you to my talk where I am going to describe how we SRE and what it takes to prepare an application for a handoff or how we support what we have written well after every developer had moved on.
Let me show the great divide between the customer and his infrastructure. What could be done to help the customer understand his application needs and eventually remove the divide all together. For us, the application is not done until the end of the shelf life is reached.
Join me on an adventure where I am going to show you our tooling and principles you can
use yourself.

Code reviews are an essential part of the development process. They ensure that new code implements the required functionality but does not break existing features. On the other hand, code reviews are very time-consuming and take 10% of software development time.

In addition, while it’s important to review code, it’s equally important to monitor the quality of a codebase over time and make sure it always improve (or at least, never decreases).

In this workshop, we present our code analysis platform: Codiga. We first explain how to use Codiga to automate code review, save developer time and facilitate the code review process. As a second step, we present how to integrate a code quality tool in your CI/CD pipeline to guarantee code quality over time.

This session is very hands-on and demonstrates how to automate Code Reviews and leverage existing CI/CD pipelines (GitHub Actions, CircleCI) to check code quality at each commit.

When Linus Torvalds designed Git, one of his famous quotes was “branching is not the problem, merging is”. Properly merging database schema changes along with code is even harder - especially if many teams and tons of data get involved. We will tell how those challenges got addressed at GitHub and how the same tooling found its way into PlanetScale’s database branching and merging workflow. We will do a live demo showing how to propose, test, approve and merge MySQL schema changes directly from a pull request along with the corresponding application code changes. If you create a free PlanetScale account, you can even follow along with a couple of clicks.

You will also learn the story behind Vitess - the Open Source project invented by the founders of PlanetScale to reliably run MySQL at YouTube - now used in production environments at places like Slack, GitHub, Roblox and Twitter. Last but not least, there will be multiple opportunities to win some swag, so don’t miss the session.