Writing more secure code in Java

A presentation at sec4dev in in Vienna, Austria by Alexander Reelsen

Security is often an afterthought when writing applications. Time pressure to finish features or developers not being aware of issues can be two out of many reasons. This talk will use the Elasticsearch codebase as an example of how to write a broadly used software, but keep security in mind. Not only pure Java features like the Java Security Manager will be covered or how to write a secure scripting engine, but also operating system features that can be leveraged.

The goal of this talk is most importantly to make you think about your own codebase and where you can invest time to improve security of it - with maybe less efforts than you would think.