ApacheCon EU 2016 has ended
ApacheCon Europe 2016
Click here to Register or for more information 
Back To Schedule
Friday, November 18 • 12:00 - 12:50
Object Lessons: Deserialization After Apache Commons Collections - Tim Jarrett, Veracode

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

ItÛªs the biggest vulnerability of 2015 that didnÛªt get a brand name. The deserialization vulnerability in the Apache Commons Collections library also impacted the build server that powers most software developers and a half dozen other key pieces of the shared Java software infrastructure. But Java deserialization vulnerabilities are more widespread than you might guess.

This presentation reviews data from over 200,000 application security scans to help defenders better understand the risk of Java deserialization vulnerabilities. We look at vulnerability prevalence both overall and by industry vertical and the probability that your application has a similar vulnerability (hint: higher than youÛªd think). WeÛªll also look at real world guidance for setting security policies and coordinating with developers to get issues fixed across large numbers of applications.

avatar for Tim Jarrett

Tim Jarrett

Director, Enterprise Security Strategy, Veracode
Tim Jarrett is Senior Director of Product Management at CA Veracode. A Grammy-award winning product professional with more than 20 years of experience building and marketing software, he joined Veracode in 2008 and has a Bacon number of 3. He has previously spoken at the RSA Conference... Read More →

Friday November 18, 2016 12:00 - 12:50 CET
Nervion/Arenal II/III