Java is great, and we all spend time on making it more performant, more scalable and more maintainable. But we had better also spend some time on making it more secure. With all those new Java releases and features also come new vulnerabilities and exploits. Because Java is everywhere, it has a huge attack surface, which makes it interesting for hackers to search for vulnerabilities in Java and, foremost, in Java-based applications. I'm not a Java security specialist, and if you, like me, wonder what all these mysterious acronyms like NVD, CVE, CVSS, CPU, PSU etc. mean and how they are related to Java security, come to this session and I will explain it to you. I will also show what tools are available to you to check whether your Java application is vulnerable to known issues.
Gerrit Grunwald is a software engineer with more than ten years of experience in software development. He has been involved in Java desktop application and controls development. Gerrit is interested in Java-driven embedded technologies based on Java SE and Java ME Embedded. He is a true believer in open source and has participated in popular projects like JFXtras.org as well as his own projects (Enzo, SteelSeries Swing, SteelSeries Canvas). Gerrit is an active member of the Java community, where he founded and leads the Java User Group Münster (Germany) and co-leads the JavaFX and IoT community. He is a JavaOne Rockstar and a Java Champion. He speaks at conferences and user groups internationally and writes for several magazines.