In case you will attend JavaOne in San Francisco at the end of October… The session scheduler is just around the corner; my two sessions are scheduled for the following dates and locations:

Session Type: Conference Session
Session ID: CON2022
Session Title: The Web Application Strikes Back
Venue / Room: Hilton – Plaza Room B
Date and Time: 10/26/15, 14:30 – 15:30

Session Type: Conference Session
Session ID: CON2023
Session Title: Java Web Security Antipatterns
Venue / Room: Hilton – Plaza Room B
Date and Time: 10/29/15, 10:30 – 11:30
USA is too far away? No problem, there are still a lot of upcoming talks in Germany this year.
JavaOne 2014 is over, and it has been a fantastic experience! Better than my first attendance in 2012. Most sessions had a higher quality, JavaHub was fantastic (I just love the Nao robot), enjoyed Geek Bike Ride and met a lot of new and interesting Java developers. The only mixed feelings I have are about both keynotes (Sunday and Thursday). No new content on Sunday, cut off in the middle of the most interesting part to probably make room for the OpenWorld keynote. Thursday contained a lot of advertisement for one of the sponsors (I’m not going to repeat their name), first half hour totally wasted (yeah, I know, the conference seems to need sponsors, Oracle can’t afford all the money, totally poor company, oh, wait…). But the rest of the keynote was actually quite good. Food was poor as always, but the parties in the evenings were much better and the food was ok there (which does not include the beer).
Of course I attended a lot of security sessions and met a lot of speakers I only knew from recordings so far. And as Jim Manico said today, it is nice that the security people started to tell inexperienced developers the same stories and recommend the same solutions. That doesn’t make us interchangeable! Instead it helps the developers to do the right thing and develop software securely.
Next year promises to be somehow special, Java turns 20 (and finally 21 in 2016, legal age to drink alcohol, maybe they will serve good beer then). JavaOne will take place one month later than usual, at the end of October. Maybe with a real lunch and a working conference app that does not log you off 10 times a day and does not require session updates 50 times a day…
My slides are available for download here.
Awesome news today, my two security sessions at JavaOne 2014 have been accepted! I’ll be speaking about Security starts in the head(er) (CON2371) and 7 security tools and libraries every developer should know (CON2585) (see the session information below). Flight and hotel are booked; hope to see you in San Francisco!
Security starts in the head(er)
Java developers have surely already heard of or even used some of the many available HTTP response headers in their web applications. Some of these response headers promise to have a positive impact on security on the client side. However, they are not widely used yet, even in newly developed web applications. This means giving away relatively easily attainable security benefits.
This session introduces attendees to different security related response headers and intends to raise the participants’ attention for the unjustified low usage of these security headers. Besides an introduction and a closer look at their properties, the session explains how to correctly configure and integrate them into a Java web application.
7 security tools and libraries every developer should know
As in almost any other part of Java, the security area for web applications offers a huge number of differently sized libraries and tools which all promise to make the life of a developer much easier. However, their sheer number raises the question of which libraries are best used at which time and which tools optimally support the secure development of a web application.
This session introduces seven different security tools and libraries (frameworks), which support a developer when developing secure Java-based web applications. These libraries solve common and widespread security problems in web applications. The shown tools assist the developer and make it easier to preserve the achieved level of security in the web application.
JavaLand 2014 is over, and it has been a great first edition of the conference! It was a great privilege speaking there. The sessions I’ve attended were interesting, I ended up with a lot of new ideas for the weeks to come. The different community activities made it really easy to get in touch with others, talking about Java more or less the whole time. Enjoying some park attractions in the late evening did the rest to get to know some new Java enthusiasts. The whole location was nice, definitely the most extraordinary place of any Java conference I’ve attended so far. Like a little geek holiday. Organization was good (with some minor places for improvements). Lunch and dinner buffets were huge. And the floating lunch time avoided long lines. Speakers and organizers welcome dinner on the first evening was a good start, the African food served was really something unusual and tasty.
Two minor things I did not like that much were the two too dark session rooms (including mine). I like to see my audience and have some kind of eye contact. Yes, the stage background was really great and something completely different. But simply too dark. The other thing I did not like was the stuff you had to pay for separately. I don’t have a problem that not everything is included in the conference fee (which, as a speaker, I did not pay anyway). But the hotel was quite expensive; to be topped by the drinks at the bar and the drinks you had to pay for after running out of coupons. Yeah, it’s a theme park, which all are at least a little bit pricy. But the park was opened for the conference only, more fair prices should have been possible.
But besides that, I really enjoyed this new conference, definitely worth a visit next year in case you missed this one. And I’m sure that most of this year’s attendees will come back.
Unfortunately, today’s recording at JavaLand by Steve Chin (NightHacking) did not work out as expected, but one picture remains:
I’ll be speaking about Java Security Myths at Berlin Expert Days (BED-Con) on April 3rd/4th 2014. Hope to see you there, it’s about time to develop secure Java web applications!
I’ll be speaking about Java Security Myths at the DOAG 2013 conference in Nürnberg. My (German) session is on November 21st at 10 a.m.
Just received the great news that my session on Java Security Myths has been accepted for the upcoming Java Forum Stuttgart 2013. This is the third time in a row for me to speak at JFS after Git in 2011 and Secure Software Development in 2012. Looking forward to seeing you in Stuttgart on July 4th 2013.
My first JavaOne ever is over. Had a great time there. San Francisco is a great city, and the weather was perfect, at least the first couple of days.
I did enjoy all keynotes, especially of course the Java Community Keynote with James Gosling’s surprise visit and presentation.
Most sessions I’ve attended were really great. Experiencing Adam Bien live was really a lot of fun. My other highlights were Modern Software Development Antipatterns by Ben Evans and Martijn Verburg (those guys rock!), Real-World Java EE 6 Tutorial by Paul Bakker and Bert Ertman (impressive knowledge) as well as several security related sessions. And of course my own session on Apache Camel Security. More people than expected (about 60 showed up, more than 80 registrations) were interested in a security topic.
The locations (the three JavaOne hotels) were closer together than expected, way less time-consuming walking than expected. But even the short distance made it impossible to attend all desired sessions in full length since an early show up at most sessions was required.
Plus of course the free beer and coffee (not at the same time) sponsored by IBM. A lot of cool bands in the evening. Oracle’s overall organization was perfect, including always available helpful staff.
What I do not understand however is how technically interested people (a.k.a. geeks) are not able to mute their mobile when attending a session. I can’t remember too many sessions without at least one mobile entertaining everybody with a lovely ringtone. This is totally disrespectful of the speaker and the other attendees.
What I didn't like that much: WLAN was a catastrophe, at least most of the time. OK, this is really a challenge, so many geeks with so many devices… But hey, it’s 2012! And food was extremely poor. Welcome dinner on Sunday night was great, but the rest of the week was sandwich only. It was enough, but nothing special at all. And why they served drinks in cans is, for a so-called green conference, beyond me.
But anyway, JavaOne 2012 was a success for me and a great experience! Let’s see whether I will get the chance to go there again.
Hurry up, JavaOne starts in one week! And there are still some spots available in my session on Apache Camel Security. Save the date, October 3rd 2012 (Wednesday) at 10 a.m. at Parc 55 – Embarcadero.
My session will introduce you to Apache Camel Security and show how to secure your Camel routes and messages using Camel’s very own features only. You will end up with secured messages and routes which can only be accessed by the configured user groups. Since Camel tends to integrate services providing critical business data it’s about time to take security into account.
Slides are ready, demo is ready, the only thing missing is you… So what’s holding you back, see you there!
Btw, I will (try to) twitter about my week at JavaOne.