My two security sessions at JavaOne 2014

Awesome news today, my two security sessions at JavaOne 2014 have been accepted! I’ll be speaking about Security starts in the head(er) (CON2371) and 7 security tools and libraries every developer should know (CON2585) (see the session information below). Flight and hotel are booked; hope to see you in San Francisco!

Security starts in the head(er)
Java developers surely have already heard or even used some of the many available HTTP response headers in their web applications. Some of these response headers promise to have a positive impact on the security on the client side. However, they are not widely used yet, even in newly developed web applications. This results in giving away relatively easy attainable security benefits.
This session introduces attendees to different security related response headers and intends to raise the participants’ attention for the unjustified low usage of these security headers. Besides an introduction and a closer look at their properties, the session explains how to correctly configure and integrate them into a Java web application.

7 security tools and libraries every developer should know
Like in almost any other part of Java the security area for web applications offers a huge amount of different sized libraries and tools which all promise to make the life of a developer much easier. However their sheer amount raises the question which libraries are used best at which time and which tools optimally support the secure development of a web application.
This session introduces seven different security-tools and -libraries (frameworks), which support a developer when developing secure Java based web applications. These libraries solve common and wide spread security problems in web applications. The shown tools assist the developer and make it easier to preserve the achieved level of security in the web application.