JavaOne 2026

JavaOne 2026 Session

When code has no author: Securing Java apps through the SDLC

Summary

“The era of humans writing code is over” —Ryan Dahl.

LLMs are getting better at generating code that works, but they still introduce vulnerabilities at a troubling rate. This session addresses the security risks that emerge when Java code is generated by GenAI assistants and shipped at scale. These risks include injection vulnerabilities that slip through without proper input validation, authorization bypasses, data leaks, and deserialization gadgets. In today's SDLC reality, code generation and ownership are fragmented. This session makes the case for runtime-first security:

  • IAST proves real exploitability during dev with no human in the loop, and...
  • RASP stops zero-days in production.

If Java code is generated by prompts, then IAST and RASP are mandatory controls, not niche tools.

Profile

Type: Learning Session (50 min)

Track: Machine Learning and Artificial Intelligence

Audience Level:

Speaker: Doug Ennis

Session: Wednesday, March 18th at 8:30 AM in Room 105