Marc Schoenefeld - Secure Java Programming

Date: 15.05.2009


Marc Schoenefeld - The trainer has been involved with the deeper details of Java security for about seven years and has demonstrated the success of the presented method by finding a wide range of CVE-relevant vulnerabilities. This class does not require prior knowledge of the Java bytecode set, but a deeper understanding of how JVMs work, combined with creativity, is very helpful for transferring the presented techniques into personal success.


This class starts by describing the important parameters that define the attack surface, such as dangerous code patterns, configuration settings and reasonable secure defaults. Examples of real-life vulnerabilities are used to introduce participants to the experience that simple bugs can create holes; we cover both perspectives, the bug and the fix. The curriculum goes on to present and train the use of the tool set necessary to spot vulnerable code parts. We present techniques such as code skim reading, binary scanning, reverse engineering and interpreting the hidden security message of harmless-looking heap, thread and stack dumps.

The examples and exercises shown in this class cover Apache Tomcat, Apache Geronimo and Sun GlassFish.

The topics presented are:

  • The Java architecture, JVMs and bytecode
  • The Java security model
  • Secure programming in a nutshell
  • Java vulnerabilities, how they differ from C-type bugs
  • The JEE architecture
  • Open holes in JEE, how to spot them
  • How to harden a JEE server
  • Tools and toys to prepare and conduct JEE pentests
  • Writing self-assessment clients
  • Short excursion to web security, XSS and XSRF, how to spot and prevent them in JEE
  • Examples, examples, …

The workshop will take place at the "Fortuna Bis" hotel, ul. Piłsudskiego 25, Kraków.

The workshop will be held on 15 May and will start at 9:00.

Getting to the hotel:

  • buses: 103, 109, 114, 124, 134, 144, 152, 164, 169, 173, 179, 192, 194, 292, 409, 512, 608, 610, 902, stop Cracovia
  • trams: 15 and 18, stop Cracovia

From the stop, walk about 300 m along ul. Piłsudskiego towards the city centre.

Location of the hotel on the map

Workshop fee:

1200 PLN. Registration for the 2009 workshop