Yin and Yang of Java Security Programming - Marc Schonefeld

Bellua Cyber Security Asia 2005 - The Workshops

Marc Schonefeld
Yin and Yang of Java Security Programming

Date: 21 March 2005
Length: 1 Day
Venue: Hotel Borobudur, Jakarta - Indonesia.
Cost: US$1000 including refreshments, lunch, materials and certificate of completion.
Synopsis:
This is a workshop about the yin and yang of Java security, presenting the general Java security architecture, the flaws and exploits I found in the JDK and, on the other hand, general techniques to create secure and resistant Java programs.
This will cover protecting pure Java desktop applets and programs as well as J2EE-based executable content such as EJBs, adapters and servlets.
The practical part covers useful methodologies to statically reverse engineer and exploit weaknesses of Java applications.
From a dynamic point of view, the jChains framework will be used to reverse engineer the permission requirements of an application when run under a strict security manager.
Course Outline:
  • Introduction
  • Java and Security
  • What to Attack and Protect
  • Core Java Runtime Environment Security
  • Application Security
  • Java Secure Coding
  • Java Bytecode Engineering
  • Finding Adequate Permission Sets for Java Applications
  • Selected Use Cases for the Audience
  • Summary, Questions & Answers and farewell

Marc Schonefeld
About the Tutor

Marc Schonefeld is an external PhD student at the University of Bamberg in Germany. His research covers the analysis of interdependencies between programming flaws (antipatterns) and vulnerabilities in software. By developing a framework for flaw detection he found a range of serious bugs in current Java runtime environments (JDK) and other Java-based applications and middleware systems (like JBoss, Cloudscape database, ...).

Some of his findings led to the publication of a number of advisories by Sun Microsystems.

In 2004 he presented at the DIMVA and D-A-CH conferences and was a speaker at Blackhat and RSA in 2003.

Also in 2004 he was a finalist for the European Information Security Award [which was granted to IBM labs Zurich :-( ] for his work on Java-based security antipatterns.


PT Bellua Asia Pacific - Bellua Cyber Security Conferences & Workshops