Note: this is content from ÜberConf 2011. Please find current event information on our home page.

Platinum Sponsors

NFJS One - Training, Consulting, Mentoring

ÜberConf 2011 Brochure - Download

Westin Westminster
10600 Westminster Blvd
Westminster, CO 80020
Map »

Proud Supporter of:

Frank Kim

Author of Secure Coding in Java/JEE

Frank Kim is the founder and principal consultant with ThinkSec as well as the curriculum lead for application security at the SANS Institute. Frank has over 14 years experience in software development, information technology and security. He has designed and developed applications for large health care, technology, insurance, and consulting companies. Frank currently focuses on developing software security programs and integrating security into the software development life cycle by doing penetration testing, security assessments, architecture reviews, code reviews, and training.

Frank is the author of SANS Developer 541: Secure Coding in Java/JEE and has given security talks at JavaOne, Devoxx, and Jazoon. Recently, Frank was named a JavaOne Rock Star for his talk "Java EE Web Security By Example".

Presentations

Tricks of the Trade - What Every Developer Should Know About Application Security

Learn how to exploit security vulnerabilities that are commonly found in the arsenal of malicious attackers. We won't simply talk about issues like Cross Site Scripting (XSS) and Cross Site Request Forgery (CSRF), but will show how hackers abuse these potentially devastating defects by finding and exploiting vulnerabilities in real world open source web applications built in Java. We will proceed to walk through the source code and actually fix these issues using secure coding techniques. We will also discuss best practices that can be used to build security into your SDLC.

Java developers and architects will learn how to find and fix security issues in their applications before hackers do.

This session covers
- Exploiting vulnerabilities in a running web application
- Finding security issues in the source code of a real open source application
- Fixing the vulnerabilities using secure coding techniques

Blogs

Managing state between steps

Posted By: John Smart on Feb. 21, 2012

Sometimes it's useful to be able to pass information between steps. For example, you might need to check that a client's details entered into a registration form appear correctly on a confirmation page later on. You could do this by passing values from

The Griffon Trove: peeking at the build

Posted By: Andres Almiray on Feb. 20, 2012

There are times when working with Griffon you'd like to know what's really happening during build process execution; for example, how much time does it take for a task to complete, or what are the different events you can react to using build event ha

The Griffon Trove: what version are you running?

Posted By: Andres Almiray on Feb. 19, 2012

Welcome to a new series of posts regarding Tips & Tricks about Griffon. The Griffon team decided to leave a late San Valentin present in the form of Griffon

Yak Shaving to Install Git Via MacPorts on OS X Lion

Posted By: Bruce Snyder on Feb. 19, 2012

Today I needed to set up a new MacBook Pro and as such one of the tasks was to install git on OS X Lion. Being that I am a fan of MacPorts, I decided to start there but I ran into some strange errors. Unfortunately I wound up doing a lot of yak shav

The Regenexx Stem Cell Procedure for my Knee

Posted By: Bruce Snyder on Feb. 18, 2012

In my last blog post, I discussed the problems I have had with my knee, the recent injury causing meniscus tears and about the alternative treatment I elected to have instead of surgery. Well this week I underwent the treatments for the Regenexx proc

Pragmatic Managers Posted for Your Reading Pleasure

Posted By: Johanna Rothman on Feb. 17, 2012

I have posted 2012′s Pragmatic Manager emails. I have been writing in themes this year: I am writing about geographically distributed teams in preparation for my Geographically Distributed Teams Workshop with Shane in April: Building Trust in Any

Webinar Recording Available, Last Day for Early Registration for Workshop

Posted By: Johanna Rothman on Feb. 15, 2012

Shane and I recorded a webinar at noon today, about our Geographically Distributed Agile Teams workshop. We had a great time, and answered a lot of questions. We had a few recording glitches, so if you hear me talking over Shane, oop

Inception Score Easter Egg with Web Audio API

Posted By: Terry Ryan on Feb. 15, 2012

There's a great video on YouTube detailing an Easter Egg in the score for the movie Inception. Basically Inception is about dreams and the slowing down of time. Likewise the score is based on the slowing down of music that is played inside the plot of

Web Audio API: setting playbackRate

Posted By: Terry Ryan on Feb. 14, 2012

I was working on a little demo showing the manipulation of playback rates of audio clips. The Audio tag failed miserably. On Safari and Chrome (both for Mac) the audio tag couldn't playback the audio any slower than half spee

More Blogs »

Themes at ÜberConf

Architecture
Enterprise Java
Java Internals
Security - Enterprise & JVM
Cloud Computing
Languages on the JVM - Groovy, JRuby, Scala & Clojure
Java Web Frameworks - Wicket, Tapestry & SpringMVC
Build Systems - Maven & Gradle
Testing
Agility

Featured Speaker

Brian Sletten

Forward Leaning Software Engineer

Brian Sletten is a liberal arts-educated software engineer with a focus on using and evangelizing forward-leaning technologies. He has a background as a system architect, a developer, a security consultant, a mentor, a team lead, an author and a trainer and operates in all of those roles as needed. His experience has spanned the online game, defense, finance, academic, hospitality, retail and commercial domains. He has worked with a wide variety of technologies such as network matrix switch controls, 3D simulation/visualization, Grid Computing, P2P and Semantic Web-based systems. He has a B.S. in Computer Science from the College of William and Mary. He is President of Bosatsu Consulting, Inc. and lives in Los..More » All Speakers »

Ken Sipe

Architect, Web Security Expert

Ken has been a practitioner and instructor of RUP since the late 1990s, and an extreme programmer and coach since the middle 2000s. Ken has worked with Fortune 500 companies to small startups in the roles of developer, designer, application architect and enterprise architect. Ken's current focus is on enterprise system automation and continuous delivery systems. Ken is an international speaker on the subject of software engineering speaking at conferences such as JavaOne, JavaZone, Jax-India, and The Strange Loop. He is a regular speaker with NFJS where he is best known for his architecture and security hacking talks. In 2009, Ken was honored by being awarded the JavaOne Rockstar Award at JavaOne in SF, C..More » All Speakers »

Jeff Brown

Core Member of the Grails Development Team

Core member of the Grails development team, Jeff Brown, is a Senior Software Engineer with SpringSource. Jeff has been involved in designing and building object oriented systems for over 15 years. Jeff's areas of expertise include web development with Groovy & Grails, Java and agile development.More » All Speakers »

Craig Walls

Author of Spring in Action

Craig Walls has been professionally developing software for over 17 years (and longer than that for the pure geekiness of it). He is a senior engineer with SpringSource as the Spring Social project lead and is the author of Spring in Action and XDoclet in Action (both published by Manning) and Modular Java (published by Pragmatic Bookshelf). He's a zealous promoter of the Spring Framework, speaking frequently at local user groups and conferences and writing about Spring and OSGi on his blog. When he's not slinging code, Craig spends as much time as he can with his wife, two daughters, 4 birds and 3 dogs. More » All Speakers »