Theresa is a developer advocate, computer engineer, and open source contributor with a background in JVM and compiler projects. She currently works at Sonatype, educating developers on cybersecurity and code quality. Outside of work, she devotes her time to animal rescue initiatives including fostering and training dogs and cats, admin work, and advocacy.
Cyber villains pose an increasing threat to Java applications and the software development lifecycle. Modern tools have the potential to greatly improve the odds of avoiding a major exploit, but with new vulnerabilities being discovered every day developers need as much help as they can get.
The good news is tools already in your SDLC can be leveraged to be a security hero. What you may not know is that just like Spiderman, your friendly neighborhood Java runtime is also working hard behind the scenes to protect you from the bad guys. Come learn how you can take advantage of features your JDK provides out of the box to maximize your application security.
As developers we often hear the word “security” and assume it means either “authentication” or “encryption” Maybe we assume it’s just someone else’s problem because deep down we don’t really know what we are supposed to do. It’s not really acceptable anymore to dodge the question or point at IT, or DevOps or even DevSecOps as being the ones who have to ‘solve’ security.
In this talk we’re going to look at simple practical steps that you can do now to improve your understanding, increase the safety of your applications and tools and generally reduce your fright levels. Working through the development life cycle and the CI/CD pipeline we’ll visit each step and introduce you to some of the open source tools and services that exist today to help make your life less stressful and keep the bad guys further away.
We’ll help you understand the risks you might already be taking and how and why these tools can reduce your exposure after all - understanding the risk is half the battle - knowing what your’e up against helps to add defences
Security doesn’t have to be scary - take the time to dispel some of the fear.