Under the high patronage of His Majesty King Mohammed VI, may God assist him 🇲🇦
October 2 - 4 - Devoxx Morocco 2024 🇲🇦

Speaker details

Jamie Coleman
Sonatype
Jamie is a Developer Advocate for Sonatype, formerly IBM, based in the UK. He talks about the importance of security in software, improving developer productivity and raising awareness about the energy consumption of technology. Passionate about discovering ways to help reduce developers' carbon footprint, he is also a subject matter expert in containerised solutions and build technologies. He fell in love with Java at university and has gone on to talk at many conferences about using Java with microservices and related technology. He has worked on a wide variety of projects, such as modernising IBM CICS mainframe testing infrastructure, creating and automating the creation of Docker images for IBM's products, and contributing to a DevOps pipeline offering.
Secure software development is one of the highest demanded skills in 2023. Secure CI/CD pipelines. Writing secure code. Securing supply chains. Being aware of the myriad vulnerabilities within our codebase is becoming more and more important for developers to understand in our “shift-left” world. The OWASP Top 10 vulnerabilities haven’t changed in a long time, because none of us seem to get it right. In this workshop we will take a journey through the entire SDLC with a critical eye on security.
We’ll look at how to implement secure coding practices, and then move on to discuss the ins and outs of modern continuous integration. After we lock down our CI pipelines, we’ll look at how to find vulnerabilities in our dependencies. Armed with that information, we’ll learn how to properly triage threats, exploits, and vulnerabilities that affect our software, and how to streamline code improvements. Before we’re done, we’ll investigate modern processes for continuous deployment, including secure infrastructure-as-code development and how to lock down our CD pipelines.
This workshop will get hands-on with a simple, streamlined approach to deploying code to the cloud while diving deep into essential concepts related to software security.
Java 17 announced the deprecation of the Security Manager (which is ok since hardly anyone used it), but that doesn’t mean the JVM leaves you vulnerable.
Many design features in the JVM and the JDK are there to help keep your application safe from harm.
In this session, we’ll walk through these points - from compiler to bytecode to runtime - and give you a refresher on how to get the best from these features. We’ll also look at new things in the works, compile-to-native consequences and even some off-the-wall “it’s just an idea” thoughts about how to make the JVM an even more secure environment.