Talks

2025

• Prometheus Puzzlers: Traps, Pitfalls, and Corner Cases, Voxxed Days, Ioanina

• The Hacker's Guide to Pod Escape, KCD Istanbul

• Prometheus Puzzlers: Traps, Pitfalls, and Corner Cases, KCD Helsinki

• The Hacker's Guide to Pod Escape, KCD Budapest

2024

• The Hacker's Guide to Insecure Workload Configuration in Kubernetes, Order of Devs, virtual event

• Beyond a Pod: Privilege Escalation in Kubernetes, JDD, Krakow

• The Hacker's Guide to Kubernete, JNation, Coimbra

• The Hacker's Guide to JWT Security, JPrime, Sofia

• The Hacker's Guide to Insecure Workload Configuration in Kubernetes, GeeCon, Krakow

• The Hacker's Guide to Insecure Workload Configuration in Kubernetes, Java Day, Istanbul

• Beyond a Pod: Privilege Escalation in Kubernetes, Devoxx France, Paris

2023

• The Hacker's Guide to Kubernetes, DevOps Conference, Munich

• The Hacker's Guide to Kubernete: Reloaded, JCON World

• The Hacker's Guide to Kubernetes, DeveloperWeek Enterprise

• The Hacker's Guide to JWT Security, GopherConAU, Sydney

• The Hacker's Guide to Kubernetes, Porto Tech Hub

• The Hacker's Guide to Kubernetes: Reloaded, Codemotion, Milan

• The Hacker's Guide to Kubernetes, The Hack Summit

• Kubernetes Security Live Hacking, JAX London

• The Hacker's Guide to Kubernetes, JavaZone, Oslo

• The Hacker's Guide to JWT Security, GopherConUK, London

• The Hacker's Guide to Kubernetes, Kubernetes Community Days, Munich

• The Hacker's Guide to Kubernetes, European Women in Tech, Amsterdam

• The Hacker's Guide to Kubernetes, Devoxx UK, London

• The Hacker's Guide to Kubernetes, GeeCon, Krakow

• The Hacker's Guide to Kubernetes, KubeCon EU, Amsterdam

• The Hacker's Guide to Kubernetes, Clouds Builders

• Fast and Furious Multi-Cloud Connectivity, JFokus, Stockholm

2022

• The Hacker's Guide to Kubernetes, The Caribbean Developers Conference, Punta Cana

• The Hacker's Guide to Kubernetes, Codemotion, Milan

• Let's Go Triple Active with Three Clouds and Cilium, Devoxx BE, Antwerp

• The Hacker's Guide to Kubernetes, Devoxx BE, Antwerp

• Fast and Furious Multi-Cloud Connectivity, JCON

• Let's Go Triple Active with Three Clouds and Cilium, Devoxx PL, Krakow

• Fast and Furious Multi-Cloud Connectivity, Devoxx PL, Krakow

2021

• The Hacker’s Guide to JWT Security, The Hack Summit

• Security in Software Dev and Architecture, Panel, The Hack Summit

• Multi-Cloud Cluster Mesh Based on Kubernetes and Cilium, TechGround Pro

• The Hacker’s Guide to JWT Security, JCON

• The Hacker’s Guide to JWT Security, 4Developers

• The Hacker’s Guide to JWT Security, jLove

• The Hacker’s Guide to JWT Security, Ya!va Conference

• The Hacker’s Guide to XSS, JFokus Brown Bag Lunch

2020

• Security of Web Applications, Warsaw University of Technology
• Performance Antipatterns in Hibernate, ATOm Developer Day
• The Hacker’s Guide to JWT Security, JDConf
• The Hacker’s Guide to JWT Security, JFuture
• The Hacker’s Guide to JWT Security, Codemotion Madrid
• The Hacker’s Guide to JWT Security, JavaZone
• The Hacker’s Guide to JWT Security, JFokus, Stockholm

2019

• The Hacker’s Guide to JWT Security, Devoxx, Antwerp

2018

• The Hacker’s Guide to XSS, CodeOne, San Francisco (featured speaker)
• The Hacker’s Guide to NoSQL Injection, CodeOne, San Francisco (featured speaker)
• Lazy vs. Eager Loading Strategies in JPA, CodeOne, San Francisco (featured speaker)
  

2017

• The Hacker’s Guide to Session Hijacking, JavaOne, San Francisco (featured speaker)
  

2016

• The Hacker’s Guide to Session Hijacking, JavaOne, San Francisco
• Second-Level Cache in JPA Explained, JavaOne, San Francisco
• The Hacker’s Guide to Session Hijacking, vJUG
• Secure Authentication and Session Management, Voxxed Istanbul, Istanbul
• Thinking Beyond ORM in JPA, Oracle Technology Network, 2016 (virtual talk)
• Secure Authentication and Session Management, Voxxed Bucharest, Bucharest
• Secure Authentication and Session Management, Voxxed Vienne, Vienne

2015

• Thinking Beyond ORM in JPA, JavaOne, San Francisco
• Secure Authentication and Session Management, Voxxed Vilnius, Vilnius
• Secure Authentication and Session Management, JavaDay, Kyiv
• Lazy vs. Eager Loading Strategies for Java Persistence API 2.1, JavaDay, Kyiv

2014

• Secure Authentication and Session Management, GeeCON, Krakow
• Secure Authentication and Session Management, vJUG
• Lazy vs. Eager Loading Strategies for Java Persistence API 2.1, JavaOne, San Francisco (featured speaker)
• Building Secure Application with Java EE, JavaOne, San Francisco (featured speaker)

2013

• Performance Anti-Patterns in Google App Engine, JavaOne, San Francisco

2012

• Performance Anti-Patterns in Hibernate, Codemotion, Rome
• Security Vulnerabilities in Java Open-Source Libraries, JavaOne, San Francisco
• Automated Refactoring of Performance Anti-Patterns, JDD, Krakow
• Security Vulnerabilities in Java Open-Source Libraries, JDD, Krakow
• Java Persistence API and Hibernate Puzzlers, OpenBlend, Lublana
• A Performance Comparison of JPA Providers, GeeCON, Poznan
• Hibernate Puzzlers, GeeCON, Poznan
• Hibernate Puzzlers, 33rd Degree, Krakow

2011

• Performance Anti-Patterns in Hibernate, Devoxx, Antwerp
• Performance Anti-Patterns in Hibernate, JDD, Krakow
• JPA Puzzlers, JavaOne, San Francisco
• Hibernate Puzzlers, JUDCon, London
• Vulnerability Detection in Core Internet Systems, (co-presented with A. Bartosiewicz), ICANN 40, San Francisco
• Anti-Patterns and Best Practices for Hibernate, TheServerSide Java Symposium, Las Vegas
• Static Analysis in Search of Performance Anti-Patterns, TheServerSide Java Symposium, 2011, Las Vegas
• Static Analysis in Search of Performance Anti-Patterns, GeeCON, Krakow
• Patterns and Anti-Patterns in Hibernate, GeeCON, Krakow
• Patterns and Anti-Patterns in Hibernate, Confitura, Warsaw
• Wegrzynowicz P., Automated Bug Hunting, 33rd Degree, Krakow
• Patterns and Practices in Hibernate, 33rd Degree, Krakow

2010

• Best Bugs, Best Practices, and Best Tools for Hibernate, Strange Loop, St Louis
• Static Analysis in Search of Performance Anti-Patterns, JavaZone, Oslo
• Static Analysis in Search of Performance Anti-Patterns, JavaOne, San Francisco
• Patterns and Practices in Hibernate, Jazoon, Zurich

2009

• The Jungle of the Web – A Way to Survive by Detecting Fast Flux Botnets (co-presented with J. Jantura), Devoxx, Antwerp
• The Good, The Bad, and The Ugly – Three Ways to Use a Semantic Code Query System, Jazoon, Zurich
• Detection of Fast-Flux Botnets (co-presented with J. Jantura), CENTR Technical Workshop, Lisbon

2005

• eIANA System (co-presented with A. Bartosiewicz), CENTR GA, 2005, Moscow
• XML Data Binding with TopLink, UKOUG, 2005, Birmingham, UK
• Performance Tips for J2EE Data Tier, UKOUG, Birmingham

2004

• OracleAS. How to Speed Up Your Application? Performance Tips & Tricks, EOUG/SOUG Focus Day, Zurich
• Implementation of the Back Order (WLS) Service (co-presented with A. Bartosiewicz), RIPE Meeting, Amsterdam

2003

• EPP Implementation, CENTR Technical Workshop, Amsterdam

2002

• Polish EPP Standard & Software, CENTR Administrative Workshop2002, Frankfurt

Interesting trick by @yonlabs in the demo:
1. Invite all to the talk
2. Let them register at a web-app
3. Hack their accounts by exploiting vulnerabilities layer-by-layer in kubernetes cluster
4. Explain how those can be fixed#devoxx pic.twitter.com/k7RMUs30On

— Balkrishna Rawool (@BalaRawool) October 13, 2022

@yonlabs you crack my user 🤯 excelent presentation about JWT secutiry #jdconf #microsoft #java https://t.co/Rty9zcdsIS

— Walter Coan 🇧🇷 (@waltercoan) October 27, 2020

@yonlabs stole my JWT with an XSS attack at #jdconf! Great demo, thanks! pic.twitter.com/IW04kkrNbl

— Johnathan Gilday (@jdgilday) October 27, 2020

Thanks @yonlabs for a great introduction to JWT and their vulnerabilities! The session will soon be available on Vimeo to rewatch and please reach out to her directly if you had any questions! Thanks again for the great session!

— Rafael Winterhalter (@rafaelcodes) September 9, 2020

Watching presentation on JWT security with @yonlabs. Really interesting! #jfokus pic.twitter.com/rR9rSkPqd2

— Karl Dahlgren (@karldah) February 5, 2020

Excellent talk by @yonlabs about JWT security pic.twitter.com/GIgNyRZfm7

— Barry van Someren @ localhost (@bvansomeren) November 7, 2019

Rather than yet another talk about what XSS is, @yonlabs shows us and let us experience it ourselves! Awesome! #CodeOne @wearetothepoint

— Kaj Van der Hallen (@KajVdHallen) October 24, 2018

As a big fan of @yonlabs talks, the choosing of this session was a nobrainer. The hacker's guide to XSS! #CodeOne #wearetothepoint

— Kevin Smeyers (@ksmeyers) October 24, 2018

The hacker's guide to session hijacking in Java EE by @yonlabs at #JavaOne2017 #security #sketchnotes pic.twitter.com/e7EOMzQBUT

— Cyrille FRANCOIS (@Cfran2Cyrille) October 5, 2017

Hibernate config has very odd defaults. JPA puzzles with @yonlabs on #JavaOne pic.twitter.com/XqHSwhWY44

— Michał Radziwon (@michalradziwon) September 20, 2016

Thinking Beyond ORM in JPA @yonlabs pic.twitter.com/6c1PlIuP6A

— Java (@java) April 19, 2016

We are proud to count Patrycja Wegrzynowicz as a Java EE Guardian. // @yonlabs #women #technology #javaee #diversity pic.twitter.com/7FZ0tTDsjY

— Jakarta EE Ambassadors (@jee_ambassadors) April 17, 2016

#JavaOne2015 – great presentation about JPA 2 by @yonlabs , great "gotchas" related to performance and DataBases 🙂 pic.twitter.com/idwew6qznA

— Dimitar Makariev (@dmakariev) October 28, 2015