[ :: mainpage :: register :: conference :: training :: venue map :: agenda :: press/media ]
[ :: capture the flag (CTF) :: zone-h hacking challenge :: open-hack :: forum :: sponsors ]
[ :: contact :: past conferences :: open source security project showcase ]

Conference presentation materials have been released.
You can download them from Packet Storm

Marc Shoenefeld

Filed under: Conference Speakers — Administrator @ 8:20 pm

April 21, 2005

Presentation Title: Java & Secure Programming
Presentation Details:

Java is not secure by default, you as a programmer can use its built-in features to make your software more secure, but on the other hand your errors and the flaws in the software stack below (like the JDK) can add a wide range of vulnerabilities to your java based software. The talk is about the causes and effects of coding errors and the techniques to detect them, demonstrated with findings in the current Sun JDK.

During the talk we describe “Antipatterns” that have negative influence on coding quality. Antipatterns are related to design patterns but they have more negative than positive side effects while solving a general problem. Other problems discussed are language specific issues like non-final static fields and JDK framework issues like serialisation problems, privileged code and insecurity caused by security-unaware component deployment.

All antipatterns are illustrated by real-life vulnerabilities, most of them documented by the corresponding advisories. The underlying code problems were discovered with the help of automated detectors. These detectors are optionally presented in a code-walkthrough.

About Marc:

Marc Schonefeld is an external PhD student at the University of Bamberg in Germany. His research covers the analysis of interdependencies between programming flaws (antipatterns) and vulnerabilities in software. By developing a framework for flaw detection he found a range of serious bugs in current java runtime environments (JDK) and other java based applications and middleware systems(like Jboss, Cloudscape database, …). Some of his findings led to the publication of a number of advisories by Sun Microsystems. In 2004 he presented at DIMVA and D-A-CH conferences and was speaker at Blackhat and RSA in 2003. Also in 2004 he was finalist for the European Information Security Award for his work on java based security antipatterns.

Comments are closed.

Event Organizer

Hack In The Box (M) Sdn. Bhd.

Supported & Endorsed By

Malaysian Communications and Multimedia Commission (MCMC)

Malaysian Administrative Modernisation & Management Planning Unit

Main Sponsor

Microsoft Corporation

Official Airline Partner

Malaysia Airlines

Open-Hack Sponsor

VIA Technologies Inc.

CTF Sponsor

Scan Associates

CTF Prize Sponsor


Media Partners:

The Virus Bulletin Conference takes place at The Burlington, Dublin, Ireland, 5 to 7 October 2005. Register here.

Phrack Magazine

Our Speakers Are Supported By:

Bellua Asia Pacific

F-Secure Corporation

Supporting Organizations


Chaos Computer Club (Germany)

X-Focus China

Zone-H Defacement Mirror

Xatrix Security


Special Interest Group in Security & Information InteGrity Singapore