Using Instrumentation to Find Vulnerabilities in Java EE Applications
Powered by iSpeech
Java EE is the platform of choice for critical applications—exactly the ones targeted by groups such as Anonymous and organized crime. However, discovery of software vulnerabilities has always been a costly and error-prone process. In this session, Aspect Security discusses its discovery of a way to use the Java Instrumentation API to perform "intrinsic analysis"—finding vulnerabilities from within a running application. Its approach is simple to implement and powerful, enabling developers to find security flaws without headaches and false alarms. The company has created a Java agent that runs in your app server and discovers vulnerabilities passively as you develop and test, without requiring anyone to attack your code. Aspect Security will be releasing a free version of its technology.
Copyright © 2013 Oracle and/or its affiliates. Oracle® is a registered trademark of Oracle and/or its affiliates. All rights reserved. Oracle disclaims any warranties or representations as to the accuracy or completeness of this recording, demonstration, and/or written materials (the "Materials"). The Materials are provided "as is" without any warranty of any kind, either express or implied, including without limitation warranties of merchantability, fitness for a particular purpose, and non-infringement.
2013-01-31 02:07:37
source
Gloss