JForum - Supply Chain Security & Log4Shell

Date: 11.10.2024

What is this event about?

Presentation #1:
Supply Chain Sec for Developers by Sven Ruppert (JFrog)

Attacks on the open-source value chain (OS supply chain) are becoming more sophisticated, and we, as software developers, are becoming the focus of these attacks. So what are the essential first steps, and what should you focus on in the beginning? This, of course, raises the question of suitable methods and tools. At the same time, the company's strategic orientation must be included in this security strategy.

In the recent past, we have also learned that attacks such as the "SolarWinds hack" are increasingly targeting individual infrastructure elements of software development, such as the classic CI/CD pipeline.

We deal with the following questions:

-- What potential threats are there in general?

-- What are classic attack points in software development from the source code to binary?

-- What free tools are there, and where should they be used?

-- How can I arm myself against the challenges of cyber attacks today?

Presentation #2:
Log4Shell: A secure development perspective by Sebastian Olsson (Truesec)

The critical vulnerability known as Log4Shell shook much of the security world in December 2021. It also affected countless Java development teams depending on the ubiquitous Log4j library. Much has been written about exploit patterns and protections, but what was the vulnerability really? And how can we avoid similar issues in our applications?

In this talk we look at the anatomy of the vulnerability, how the patches work and how secure coding patterns reduce such risks. We do this by walking through the main developments and confusions as things unfolded.

Speakers' bios:
Sven Ruppert (JFrog)

Sven Ruppert has been coding Java since 1996 in industrial projects and works as a Developer Advocate for JFrog and as a Groundbreaker Ambassador (former Oracle Developer Champion). He regularly speaks at conferences worldwide and contributes to IT periodicals as well as tech portals. He worked for over 15 years as a consultant worldwide in industries like Automotive, Space, Insurance, Banking, the UN and the World Bank. In addition to his main topic, DevSecOps, he works on Mutation Testing of Web apps and Distributed Unit Testing, besides his evergreen topics Core Java and Kotlin.

Sebastian Olsson (Truesec)

Sebastian is technical lead of the application security/secure development team at Truesec. He enjoys projects where security is a core requirement, especially if it includes working on cryptography, secure communications, identities and distributed systems. His work often includes analyzing the security of software architecture and development life cycles as well as auditing security critical code.
