Beata Szturemska
A software engineer at Spartez, who attempts to make Jira better every day. Not a blind fanatic of any particular technology or programming language. She loves facing challenges, because it gives her an opportunity to make mistakes and learn something new daily. Fluent in Java, Python's pal. Queen of the Mountains and Jenkins pipelines. Speaker at conferences. Strongly involved in promoting science in children and youth. Her love for cycling exceeds 7000 km a year.
Security – Only Developers Can Make It Proactive
Whether we use high-level languages like Java, Python, C# or we dive into the world of C/C++, the lists of dependencies of our projects contain more and more external frameworks and libraries. It makes developers’ life easiest and helps us to focus on delivering business value. Do you know what vulnerabilities are known for the version you use? Are you sure you know all the tips and tricks to use the framework in a correct way? Is it good for our software to rely the security of our products on the security of these frameworks and the way we use them?
Join me during an exciting LIVE DEMO. Get to know how to weaponize known Spring Boot Data Rest library vulnerability. See how to use Remote Code Execution to actually fully compromise the server hosting an application.
Using the vulnerability in an actual attack helps us to understand the underlying mechanism and find if it is applicable to our software. It also allows us to find the detection patterns if it is attempted to be exploited on our infrastructure. And besides all of it – it is fun to hack the servers! It also shows that we can do much better than just blindly upgrading components. There are examples of vulnerabilities, which are fixed not with a single patch, but rather through a series of upgrades leading to more secure solutions, so it is important to stop for a while and think about other attack paths and consequences, that can be faced. The reactive approach of simply keeping up with the latest version leaves us in a position, where we are always exposed to new vulnerabilities that are about to be discovered.
A software engineer at Spartez, who attempts to make Jira better every day. Not a blind fanatic of any particular technology or programming language. She loves facing challenges, because it gives her an opportunity to make mistakes and learn something new daily. Fluent in Java, Python's pal. Queen of the Mountains and Jenkins pipelines. Speaker at conferences. Strongly involved in promoting science in children and youth. Her love for cycling exceeds 7000 km a year.
Security – Only Developers Can Make It Proactive
Whether we use high-level languages like Java, Python, C# or we dive into the world of C/C++, the lists of dependencies of our projects contain more and more external frameworks and libraries. It makes developers’ life easiest and helps us to focus on delivering business value. Do you know what vulnerabilities are known for the version you use? Are you sure you know all the tips and tricks to use the framework in a correct way? Is it good for our software to rely the security of our products on the security of these frameworks and the way we use them?
Join me during an exciting LIVE DEMO. Get to know how to weaponize known Spring Boot Data Rest library vulnerability. See how to use Remote Code Execution to actually fully compromise the server hosting an application.
Using the vulnerability in an actual attack helps us to understand the underlying mechanism and find if it is applicable to our software. It also allows us to find the detection patterns if it is attempted to be exploited on our infrastructure. And besides all of it – it is fun to hack the servers! It also shows that we can do much better than just blindly upgrading components. There are examples of vulnerabilities, which are fixed not with a single patch, but rather through a series of upgrades leading to more secure solutions, so it is important to stop for a while and think about other attack paths and consequences, that can be faced. The reactive approach of simply keeping up with the latest version leaves us in a position, where we are always exposed to new vulnerabilities that are about to be discovered.