Kai Ullrich has been working in IT security for almost 25 years. For the past six years, he has been working as a penetration tester and security researcher. During this time, he found numerous 0-day vulnerabilities in well-known products. He currently works as a freelance cybersecurity consultant, helping his clients to organically increase the security level of their organization.

04.04.2023

What Java Developers Should Know about Offensive Security

LOCATION: Zürich
KEYWORDS: Security, Lessons learned, Methods, Research

AGENDA: 18:15-19:30h: Talk incl. Q/A
Afterwards you are invited to refreshments.

SPEAKER: Kai Ullrich
COMPANY: Freelance Cybersecurity Consultant
SLIDES: 230404_Offensive_Security.pdf

Most people remember the log4shell shockwaves, but did you know that the underlying problem had been well known since 2016, and that it also plays a central role in other vulnerabilities? Did you know that XSL transformation can be extremely dangerous? Can you imagine how model binding in Spring MVC was perfidiously exploited to write malicious code onto the target machine in April 2022?

Dive into the world of Java vulnerabilities and their exploitation for an hour and expand your horizons with things that could make the difference between secure and insecure in your next project.

LEVEL OF TALK: Intermediate
LANGUAGE: Talk: en / Slides: en



LEVELS:

BEGINNER
The presented topic is new to the audience, or the audience has only a little, superficial experience with it. This talk will mainly cover basic aspects of the topic and not go into much detail.

INTERMEDIATE
The presented topic is known to the audience; serious practical experience is expected. This talk might cover some basic aspects of the topic, but will also go into depth and detail.

ADVANCED
The presented topic is well-known to the audience, serious practical experience and a deep understanding are required. This talk will not cover basics of the topic, but will go into depth, might discuss details, compare different approaches, and so on.

ALL
The topic presented is of interest to all levels and does not require any special prior knowledge.
