Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
ApacheCon Europe 2016
Click here to Register or for more information 
View analytic
Friday, November 18 • 12:00 - 12:50
Object Lessons: Deserialization After Apache Commons Collections - Tim Jarrett, Veracode

Sign up or log in to save this to your schedule and see who's attending!

ItÛªs the biggest vulnerability of 2015 that didnÛªt get a brand name. The deserialization vulnerability in the Apache Commons Collections library also impacted the build server that powers most software developers and a half dozen other key pieces of the shared Java software infrastructure. But Java deserialization vulnerabilities are more widespread than you might guess.



This presentation reviews data from over 200,000 application security scans to help defenders better understand the risk of Java deserialization vulnerabilities. We look at vulnerability prevalence both overall and by industry vertical and the probability that your application has a similar vulnerability (hint: higher than youÛªd think). WeÛªll also look at real world guidance for setting security policies and coordinating with developers to get issues fixed across large numbers of applications.

Speakers
avatar for Tim Jarrett

Tim Jarrett

Director, Enterprise Security Strategy, Veracode
Tim Jarrett is Senior Director of Enterprise Security Strategy at Veracode. A Grammy-award winning product professional, he joined Veracode in 2008 and has a Bacon number of 3. He has previously spoken at numerous events including DevOpsDays NYC, BrisTech, Birst Forward conference, the RSAM User Summit, and regional ISACA events, as well as on webcasts for Dark Reading, Black Hat, and the SANS Institute. He can be found on Twitter as @tojarrett.



Friday November 18, 2016 12:00 - 12:50
Nervion/Arenal II/III

Attendees (9)