Loading...

Cross-Build Injection Attacks: How Safe Is Your Java Build?

363 views

Loading...

Loading...

Transcript

The interactive transcript could not be loaded.

Loading...

Rating is available when the video has been rented.
This feature is not available right now. Please try again later.
Published on Feb 4, 2013

Everyone tests the security of their application, but how safe is the build process that creates the application itself? Modern Java build tools automate the process of retrieving dependencies from public repositories such as Maven Central. Although convenient, this unfortunately also opens the door for code-injection attacks during the build process. These so-called cross-build injection (XBI) attacks are not very well known, but their impact can be devastating. You can counter attacks by both improving organizational processes and using cryptographic primitives to ensure that dependencies are safe. This session shows what you can do to secure your builds, presenting XBI attack vectors along with the appropriate countermeasures.

Copyright © 2013 Oracle and/or its affiliates. Oracle® is a registered trademark of Oracle and/or its affiliates. All rights reserved. Oracle disclaims any warranties or representations as to the accuracy or completeness of this recording, demonstration, and/or written materials (the "Materials"). The Materials are provided "as is" without any warranty of any kind, either express or implied, including without limitation warranties of merchantability, fitness for a particular purpose, and non-infringement.

Loading...

to add this to Watch Later

Add to

Loading playlists...