Marek Puchalski | Devoxx

Marek Puchalski
Marek Puchalski

From Capgemini Polska

On one side I am a full stack developer with over 10 years of experience in a java-centric universe of the big, German automotive players. On the other side I am a security architect and security consultant for Application Security related topics. In my life I did some Cobol and JCL (yuck!) coding, mainframe DB2 and Oracle administration, Spring and JEE development with Swing or Web layer on top of it. Now I am a proud OWASP member, strongly convinced that Java and Application Security belong together. You can find me on


archi Architecture & Security

Application Security 101


Applications and systems are written by developers. It’s a tough job, when you think about it. You try to fulfill the business requirements to make the users happy, you try to write clear code to make your fellow colleagues content, you try to make the whole thing scalable, maintainable and extensible for whatever the reason might be. On top of it you still need to make the system secure.

But what does “secure” actually mean? Where does security actually start and when do we stop and say that “security is ready”? How can you test that implemented security controls actually work? Are you able to deliver security fast? What’s the latest state of the art regarding what needs to be done?

If you want to know the answer to at least one of the questions, feel invited to join the talk. We will speak about crypto, security headers, injection, dealing with third party code, authentication and access control and many, many more.