Export or edit this venue...

Oracle Portland

1211 SW 5th Ave #800
Portland, OR 97204, us (map)

Future events happening here

  • - No events -

Past events that happened here

  • Tuesday
    May 15 2018
    Portland Java User Group (PJUG) - How to Protect against Deserialization Attacks

    Oracle Portland

    Insecure deserialization is one of the most critical web application security risks, yet it is by no means a new vulnerability category. Data serialization and deserialization have been used widely in applications, services and frameworks, with many programming languages supporting them natively. Deserialization got more attention recently as a potential vehicle to conduct several types of attacks: data tampering, authentication bypass, privilege escalation, various injections and, finally, remote code execution. Two recent vulnerabilities in Apache Commons and Apache Struts, both allowing remote code execution, helped raise awareness of this risk.

    We will discuss how data serialization and deserialization are used in software, the dangers of deserializing untrusted input, and how to avoid insecure deserialization vulnerabilities.

    Speaker:

    Alexei Kojenov (https://twitter.com/kojenov) is a Senior Application Security Consultant with years of prior software development experience. During his career with IBM, he gradually moved from writing code to breaking code. Since late 2016, Alexei has been working as a consultant at Aspect Security, helping businesses identify and fix vulnerabilities and design secure applications. Aspect Security was recently acquired by Ernst&Young and joined EY Advisory cybersecurity practice.

    Website
  • Tuesday
    Sep 19 2017
    Portland Java User Group (PJUG)

    Oracle Portland

    Chris Hansen will be presenting an early version of a talk "It’s Good to Have (JVM) Options" he will be delivering at the JavaOne technology conference in October. Chris has organized technology events for youth in Portland and is a product manager for New Relic's Java agent.

    Abstract:

    The Oracle HotSpot JVM has hundreds of command-line options for tuning performance for your particular application and workload. Which ones are the most useful and the most commonly used, and which are misused? New Relic monitors more than half a million JVMs. In addition to providing runtime performance data, the New Relic Java Agent reports JVM command-line options. By looking at anonymous JVM configuration data, we can draw out interesting patterns and trends. This presentation walks through some of the most commonly used JVM options and some cases in which certain combinations may have unintended consequences. You’ll come away with a better idea of when to use an option and when JVM defaults may be the best choice.

    Website
  • Tuesday
    Jul 18 2017
    Portland Java User Group - ApiBuilder

    ApiBuilder is a toolkit for building REST web services. ApiBuilder originated at Gilt.com as a better way to describe and document web service APIs.  This presentation will discuss the history behind ApiBuilder as well examples of how it is being used in Gilt's production environment.

    Speaker:

    Sean Sullivan is a Principal Software Engineer at HBC Digital. Sean has been a member of HBC/Gilt team since 2011.

    Venue Notes:

    Doors open at 6 for pizza provided by TEKSystems. The presentation will begin at 6:30pm. 

    slides: https://speakerdeck.com/sullis/apibuilder

    Website