Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
View analytic
Wednesday, January 28 • 10:30am - 11:30am
Legacy Java Vulnerabilities – Ignore at Your Own Risk

Sign up or log in to save this to your schedule and see who's attending!

Java is one of the longest standing and most widely deployed enterprise programming languages in the world. It is also frequently attacked due to its numerous and well documented security vulnerabilities, many of which have a very high CVSS (Common Vulnerability Scoring System).

This problem is amplified by the fact that countless data center applications are still running on older, legacy versions of the platform. Although the original promise of Java was application portability, in reality most core enterprise applications were written for execution on a specific version of Java, and that’s where they’ve stayed.

This session will discuss the two primary reasons that legacy Java security risks persist, namely the cost of mitigation and operational impacts. The obvious way to deal with legacy Java issues is to update the Java runtime. But this process is costly since it requires extensive application modifications, testing and re-qualification. Meanwhile, the risk of downtime is an even bigger problem. No matter how much testing is done, it’s impossible to guarantee that changes to the application will not break it.

Using several documented Java server vulnerabilities, the speaker will explain and evaluate the merits of the current approaches to addressing them, including network based tools, code analysis and run-time application self-protection. Attendees will gain a deeper understanding of legacy Java security risks, the alternatives available to address them and how to choose the right approach for their particular application environment. 

Speakers
avatar for Jonathan Gohstand

Jonathan Gohstand

Waratak, Security Stategist
Jonathan Gohstand is the security strategist for Waratek. A 20-year veteran of the IT industry, he was previously with PacketMotion, driving the creation of the User Activity Management category, until the company’s acquisition by VMware. He has worked in Cisco Systems’ Security Technology Group, where he was responsible for IOS-based security. Mr. Gohstand has held international positions with Chevron Oil and FORE Systems, in... Read More →


Wednesday January 28, 2015 10:30am - 11:30am
Annenberg Community Beach House: Track 2 415 Pacific Coast Hwy, Santa Monica, CA 90402

Attendees (6)