Apache Commons Crypto: Another Wheel of Apache Commons – Xianda Ke
Apache Commons Crypto is a cross-platform cryptographic library optimized with AES-NI and hardware random number generator. With the benefits of hardware acceleration and the optimized native implementation, this library outperformed JCE by an order of magnitude. Java developers can use this handy library to get strong and high performance AES encryption/decryption. This presentation will introduce the origin of Apache Commons CRYPTO, the recent improvements in commons crypto community, how CRYPTO accelerates data encryption, and the future plan of Apache Commons Crypto.
Object Lessons: Deserialization After Apache Commons Collections – Tim Jarrett
ItÛªs the biggest vulnerability of 2015 that didnÛªt get a brand name. The deserialization vulnerability in the Apache Commons Collections library also impacted the build server that powers most software developers and a half dozen other key pieces of the shared Java software infrastructure. But Java deserialization vulnerabilities are more widespread than you might guess.
This presentation reviews data from over 200,000 application security scans to help defenders better understand the risk of Java deserialization vulnerabilities. We look at vulnerability prevalence both overall and by industry vertical and the probability that your application has a similar vulnerability (hint: higher than youÛªd think). WeÛªll also look at real world guidance for setting security policies and coordinating with developers to get issues fixed across large numbers of applications.
Apache Commons is an Apache project focused on all aspects of reusable Java components. The Commons Lang component provides the well known StringUtils class. But there is more to Apache Commons then just StringUtils. In this presentation, Benedikt Ritter will give an overview over the Apache Commons project followed by some examples for using selected Apache Commons components.