Brussels / 3 & 4 February 2018

Hairy Security

the many threats to a Java web app


It's getting dangerous out there; it's all over the news. IT security is simply no longer something one can ignore.

In this session we'll model all the threats to a typical web application powered by a Java back-end. We'll have fun, state the obvious, and debate and debunk a few security myths. Because, remember, it's not a question of 'if' but 'when' you'll be hacked. At the end of this session, you'll decide for yourself whether it's really time for this Java web app to go live!

It's a fun, pragmatic, very instructive talk that we've given before (it was well received at Devoxx France, for instance).

In this session we'll model all the threats to a typical web application powered by a Java back-end. We’ll have fun, state the obvious, debate and debunk a few security myths:

  • Yes, strong security comes at a price: it requires a brain,
  • No, strong security does not mean crappy user experience,
  • No, there is no silver bullet, be pragmatic,
  • Yes, there are many standards and frameworks (SAML, OAuth, JWT, 2-way SSL ...); we'll showcase a few and debate when to choose what,
  • Yes, SELinux and the Java SecurityManager can be your friends,
  • Yes, security needs to be baked into all your automation and continuous integration. Secret management is key.

Remember, it's not a question of 'if' but 'when' you'll be hacked. At the end of this session, you'll decide for yourself whether it's really time for this Java web app to go live!

Speakers

Romain Pelisse
Damien Plard
