Log4Shell: Armageddon or Opportunity?

By Steve Poole

Elevator Pitch

The Log4Shell vulnerability is a technical AND a philosophical wake-up call. See why it’s as bad as it gets and learn why you must change your behaviour. Our relationship with open source is going to change. Hear why and understand the game-changing ramifications.

Description

It’s said that everyone remembers where they were when a momentous event occurs. Where were you on 10 December 2021? Or did the most comprehensively dangerous Java vulnerability pass you by?

Don’t be fooled into thinking it’s all over. Even by mid-year the number of vulnerable servers will still be high because organisations still fail to assess their vulnerability state correctly.

In this session I’ll cover, in detail, the actual mechanics of the vulnerability and demo a simple attack. I’ll take you through why this vulnerability can be as bad as it gets, explain what the options are to protect your application, and show how to assess whether you’re still at risk.

It’s not all bad news. The Log4Shell wake-up call shows us that we’re not paying the right sort of attention to security across the board, but we can learn to do better. I’ll end the talk by explaining why security really matters, how bad actors are exploiting us, and what developers can do to improve their understanding of security principles in general. I’ll also cover some of the practical next steps that are available.

Log4Shell is changing our world - let’s make sure it’s for the right reasons. Opportunity is knocking on your door.

Notes

I’m open to doing this talk and/or the associated demo in different ways. Just ask.