Wednesday

Room 2

16:20 - 17:20 (UTC+02)

Talk (60 min)

Advances in Java Security

Building secure software requires the use of a wide variety of security controls at many different layers of your application. While the concepts of these security controls are universal, their implementation is not.

Every language has its peculiarities, dedicated security features and recommended APIs. This session reviews several new security enhancements available in recent versions of the Java platform. Examples are SHA-3 support, deserialization security, better TLS and DTLS support, web plugin deprecation, security manager changes, improved key management, dangerous API deprecations and a whole lot more. This session gives a solid overview of the security defenses offered in the Java 9, 10, 11 and 12 platforms.

  • Deserialization Advances
  • Dangerous API deprecations
  • Crypto Advances
  • TLS Enhancements
  • New Key Management Tools
  • Security Manager Changes

Jim Manico

Jim Manico is the founder of Manicode Security, where he trains software developers on secure coding and security engineering. He is also an investor/advisor for Nucleus Security, BitDiscovery, SecureCircle, and Inspectiv. Jim is a frequent speaker on software security practices, is a member of the Java Champion community, and is the author of "Iron-Clad Java: Building Secure Web Applications" from Oracle Press. Jim also volunteers for the OWASP Foundation as the project lead for the OWASP Application Security Verification Standard and the OWASP Cheatsheet Series. For more information, see https://www.linkedin.com/in/jmanico.