2011 Talks

JBoss security: penetration, protection and patching

JBoss is more than just the world’s most popular open source application server. JBoss products now go far beyond the traditional application server, including components to handle SOA, BRMS, portals and telecommunications. This is a huge and diverse code base, with wide ranging security concerns. This talk will provide an overview of JBoss security, covering:

  • System architecture
  • Attack vectors
  • Historical vulnerabilities
  • Configuration and application weaknesses
  • Security response & counter-measures

This talk is aimed at an audience with a basic knowledge of application server technologies and key categories of vulnerabilities. It will be of interest to anyone who works with JBoss, Java or middleware in general, be they system administrators, developers, managers or security professionals.

Speaker: David Jorm

 David Jorm is a software engineer based in Brisbane. He currently works as the security response engineer for Red Hat's JBoss product line. He has worked on technical writing projects, OCR, meteorological observations, hotel reservations and mental health education initiatives.

In his spare time he studies Geography, Mathematics and Chinese at the University of Queensland.




4 Years and 4 Thousand Websites Worth of Vulnerability Assessments: What Have We Learned? 4 Years and 4 Thousand Websites Worth of Vulnerability Assessments
Dynamic Program Analysis and Software Exploitation Dynamic Program Analysis and Software Exploitation