Back To Schedule
Thursday, April 19 • 5:25pm - 5:55pm
First Line of Defense: Patching Vulnerable Java Application Dependencies in CF - Aner Mazur, Snyk

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
What happens when a critical Java security vulnerability is detected in an application dependency, and upgrading is hard? How could you respond quickly without disrupting your development process and immediately shifting substantial resources to test a major upgrade?

This talk will analyze high-impact Java vulnerabilities, such as the Apache Struts vulnerability that was exploited in the May 2017 Equifax data breach. We'll show how to exploit them as an attacker would, discuss the various ways such a Java vulnerability could be addressed in the CF environment, as well as present an automated patch first, upgrade later approach.

avatar for Aner Mazursky

Aner Mazursky

Chief Product Officer, Snyk
Aner is the VP of Product Management at Snyk. He is responsible for setting the product strategy and delivering open source security solutions for developers. Prior to joining Snyk Aner was head of product management at Outbrain, and prior to that Aner came from an algorithmic R&D... Read More →

Thursday April 19, 2018 5:25pm - 5:55pm EDT
Meeting Room 253C
  Cloud Native Java
  • Experience Level Any