Cross-Build Injection Attacks: How Safe Is Your Java Build?

Everyone tests the security of their application, but how safe is the build process that creates the application itself? Modern Java build tools automate the process of retrieving dependencies from public repositories such as Maven Central. Although convenient, this unfortunately also opens the door for code-injection attacks during the build process. These so-called cross-build injection (XBI) attacks are not very well known, but their impact can be devastating. You can counter attacks by both improving organizational processes and using cryptographic primitives to ensure that dependencies are safe. This session shows what you can do to secure your builds, presenting XBI attack vectors along with the appropriate countermeasures.

Copyright © 2013 Oracle and/or its affiliates. Oracle® is a registered trademark of Oracle and/or its affiliates. All rights reserved. Oracle disclaims any warranties or representations as to the accuracy or completeness of this recording, demonstration, and/or written materials (the "Materials"). The Materials are provided "as is" without any warranty of any kind, either express or implied, including without limitation warranties of merchantability, fitness for a particular purpose, and non-infringement.