Building cloud-native Java applications is undoubtedly awesome.
However, it comes with undeniable new risks. Besides your own code, you rely on many other components.
Blindly depending on open-source libraries and Docker images can pose a massive risk to your application. The wrong package can introduce severe vulnerabilities, exposing your application and your users' data.
In the talk below we’ll show common threats, vulnerabilities, and misconfigurations, including the recently disclosed issues in Log4j. Most importantly, you’ll learn how to protect your application with actionable remediation and best practices.
The above talk was part of the Friends of OpenJDK room at FOSDEM 2022.