On one side I am a full stack developer with 10 years of experience in a java-centric universe of the big, German automotive players. On the other side I am a security architect and security consultant for Application Security related topics. In my life I did some Cobol and JCL (yuck!) coding, mainframe DB2 and Oracle administration, Spring and JEE development with Swing or Web layer on top of it. Now I am a proud OWASP member, strongly convinced that Java and Application Security belong together. You can find me on https://marek.puchal.ski
What if I told you, that the technology around us is broken? Not because it does not work, but because it does not deliver the security you expect it to. Internet is a mess, PKI is fundamentally flawed, encryption sucks and web applications are considered a major threat in the whole IT infrastructure landscape. Do you feel guilty about how the current state of security looks like? Should you? In this lecture we will go through the evil done to the technology by the engineers and we will try to answer the "guilty, not guilty" question. Regardless of the answer, we will try to look at some ideas and libraries that can help us all deliver more secure applications.