Towards a More Secure JDK

The last few years have seen new computing trends like increased use of mobile devices, big data and a world connected with internet. This has made Java applications vulnerable to threats and attacks. With time, holes get exposed in cryptographic algorithms and security protocols. They then need to be replaced with stronger alternatives. This session will show how safety mechanisms have been built into JDK to automatically protect applications from weak algorithms and protocols such as MD2, MD5, RC4, weak RSA/DSA keys and SSLv3. A wide variety of security controls have been made available which range from automatic defenses to user friendly APIs. Several new security controls have been introduced in Java 8 and Java 9 platforms like SHA-3 hash algorithms, OCSP stapling for TLS and DRBG SecureRandom implementation. This session will benefit Java developers by introducing them of the many defenses present and available in the Java ecosystem.

 
 

Outline/structure of the Session

  • Java Security Review
  • Making the JDK more Secure
  • Java 9 Security Enhancements
  • Cryptography - New Algorithms
  • Public Key Infrastructure
  • Transport Layer Security - DTLS, OCSP Stapling
  • Java Modularity
  • Annotation Enhancements
  • Security Tools

Learning Outcome

Attendees will be apprised of the changed security threats in the JDK ecosystem. The different mechanisms introduced in Java 8 and Java 9 to make applications secure would be introduced. The presentation will help raise awareness of the many defenses present and available in the Java ecosystem, something every Java developer can benefit from.

Target Audience

Developers, Architects, Security Advocates

Requirements

A normal room with projector and good lighting.

schedule Submitted 1 month ago

Comments Subscribe to Comments

comment Comment on this Proposal

    • Liked Vaibhav Choudhary
      keyboard_arrow_down

      Java 9 - The game changer for Cloud

      Vaibhav Choudhary
      Vaibhav Choudhary
      schedule 1 week ago
      Sold Out!
      45 mins
      Talk
      Advanced

      Java has evolved and continues to remain as one of the most reliable platforms for Application Development. With the advent of the Cloud it is paramount for Cloud scale applications to run on a smaller footprint. The upcoming Java SE9 release, with a host of features, helps just that. Java is evolving as a modular and cloud focused platform. One of the highlights of Java SE 9 is Project Jigsaw. It will enable our customers to have a leaner runtime with enhanced security and better performance. In this talk, the audience will understand how Java 9 better enables developer productivity, reduces server overhead, improves application density and predictability and why it is the best platform for SAAS and PAAS in the cloud.

      Scope of the final presentation:-

         1    Project Jigsaw Overview and its implication on Oracle cloud.

         2    Other key Java Features to look forward to - AppCDS (Low Latency Application Development with great startup time) , G1 Garbage Collector (Predictable Pauses by Application), Excellent Monitoring tools.

         3    Modular JDK Demo - Java + Eclipse + Docker 

         4    Conclusion - Java is the future of Oracle cloud.

    • Gaurav Gupta
      Gaurav Gupta
      Shiwani Gupta
      Shiwani Gupta
      schedule 2 weeks ago
      Sold Out!
      90 mins
      Tutorial
      Advanced

      Create a fully operational Java EE application in a few minutes from scratch and select the technologies based on preferences such as Docker, REST API, MVC 1.0, Arquillian, JSP and AngularJS, Angular 2.x . The solution features a high-quality, rich web UI, business logic, security, a REST API and more. Don't miss this session if you are serious about saving time.

    • Liked Manoj NP
      keyboard_arrow_down

      JDT Embraces Java 9 - An insider's perspective

      Manoj NP
      Manoj NP
      Sasikanth Bharadwaj
      Sasikanth Bharadwaj
      schedule 2 weeks ago
      Sold Out!
      20 mins
      Talk
      Intermediate

      Eclipse Java Development Tooling or JDT has its own Java compiler at its core, aptly called the JDT Core consisting of the Java compiler and various tools including java model, search infrastructure, content assist, Abstract Syntax Tree Tools etc.  Java 9 is the latest entry in the Java world bringing along-with it a "module" of changes - so to speak.  Any change in the language standards affects JDT directly. While some of the earlier language specification changes affected only the compiler, Java 9, in contrast, has a direct impact on user who uses Eclipse IDE for creating and managing Java Projects. Java 9  introduces the concept of "Modules" which affects JDT from the compiler level to the project dependency layer affecting a normal user. Support for this feature will be dealt with, in detail, in this talk.

      This talk would start with a brief overview of the Java 9 features especially the "module" feature that have direct impact on Eclipse users,  describe the JDT support for features, touch upon some of the design aspects, and would conclude with a demo of Eclipse JDT for Java 9.

    • Liked Deepali Kishnani
      keyboard_arrow_down

      Natural Language Based Query Engine for Eclipse Modeling Framework

      Deepali Kishnani
      Deepali Kishnani
      Harkirat Singh Lamba
      Harkirat Singh Lamba
      schedule 3 weeks ago
      Sold Out!
      45 mins
      Demonstration
      Beginner

      Searching in big databases is the need of the hour. With ever growing applications and customer base, quicker search over the data helps you survive. Modeling Frameworks sit at the core of modern software. The increasing complexity of business requirements are reflected in the increasing complexity of the modeling framework. What if you could query the complex models within seconds? This is just one use case of VIATRA Query.

      VIATRA Query is an Eclipse project. Initially conceived by the Budapest University of Technology and Economics, VIATRA is an Event-driven and Reactive Model Transformation Platform.  We have used VIATRA Query to create a small search engine for Ecore models of EMF using Natural Language Based Rule Engine and would like to share our experience with it.

      VIATRA Query enables the user to query the EMF models without having to manually traverse them. Complex queries can be converted into patterns. Parameters to models can be passed at runtime, something which is crucial to any query engine. The idea of creating a search engine using VIATRA Query opens up new and innovative ideas of working with Eclipse Modeling Framework. To know more about the algorithm behind this technology or how we made it work, please join us at the Eclipse 2017 Summit!

    • Liked Deepu Xavier
      keyboard_arrow_down

      Natural Language Processing & Java

      Deepu Xavier
      Deepu Xavier
      schedule 1 month ago
      Sold Out!
      45 mins
      Talk
      Beginner

      This session will cover the basics of Natural Language Processing. We will see the basics of Named Entity Recognition, Sentiment Analysis and other basic features of NLP.

    • Gurpreet Sachdeva
      Gurpreet Sachdeva
      schedule 1 month ago
      Sold Out!
      45 mins
      Talk
      Advanced

      Java 8 was released quite a while ago and we are now close to release of Java 9. There are discussions of Java 10 features also. There are many who are still stuck with older versions for various reasons. Many people claim that their code supports Java 8 but they aren't really using the powerful features of Java 8 like lambda expressions, Streams API and the new Date / Time API. This session does a quick recap of the powerful and unique features of Java 8. Tips and techniques to identify areas of code fit for refactoring to Java 8, will be shown. Eclipse can be leveraged to refactor code to use features like lambdas and streams. Pros and Cons of these features would be covered so that an informed decision can be taken whether to refactor or not.

    • Gurpreet Sachdeva
      Gurpreet Sachdeva
      schedule 1 month ago
      Sold Out!
      45 mins
      Talk
      Advanced

      Java 8 was released in March 2014 with lambda expressions as its flagship feature. Many people have used them to write more concise and flexible code. Lambda expressions can be combined with the Streams API to express rich data processing queries. Many popular programming languages already had support for "lambdas" aka "closures". Interestingly, many of these languages run on the JVM and Java as the most prominent language running on the JVM did not want to be left behind. Java has provided support for lambdas using an elegant mechanism of "invokedynamics". In addition to this the streams API provided support for concurrent execution of instructions to suit new age parallel pipelined microprocessors. This session does a recap of Lambdas and Streams and their benefits with some practical examples. It then goes on to see how the community has taken these concepts. The excellent support provided by Eclipse for Lambdas will also be covered.

    • Vaibhav Choudhary
      Vaibhav Choudhary
      schedule 2 months ago
      Sold Out!
      45 mins
      Lightning Talk
      Intermediate

      World is moving fast towards parallelism. It will soon be seen that parallelism is the default nomenclature of the new software design. As a core member of Java Platforms Team, I want to bring the fact that how programming languages are leveraging the power the parallelism in this world of many core processors.

      Though parallelism is the new demand, it is extremely hard generate performance on parallelism. We need to learn "the best practices" for parallelism.