Security for developers - secure your existing apps

A presentation at OpenMunich 2019 in in Munich, Germany by Alexander Reelsen

This talk will use the existing Elasticsearch codebase as an example of how to secure a service while remaining the same level of usability. Several features will be covered, amongst others the use of the Java Security Manager within Elasticsearch, the integration of seccomp and other native features, the implementation of a secure scripting language and how to properly implement secure use of plugins.

The goal of this talk is to make sure that any developer in the room does absolutely have zero excuses to not use seccomp and other features to secure their own application.