Loading Events



Log4j Vulnerability: What you can do now

January 14, 2022, 2:00-2:30 PM ET



The most serious of vulnerabilities was just found in the most used logging framework, but DevSecOps teams can quickly identify what’s impacted and where they focus their time. It’s important for software teams to future proof their code and continually look for these types of flaws, as well as defenses that let software adapt itself to an evolving threat landscape. Historical defense techniques like Web Application Firewalls (WAFs) are inc​​apable of addressing vulnerabilities like this because the data doesn’t just come from web input and isn’t visible with signatures.

Learn how only Contrast’s embedded approach allows you to:

  • scale to find what apps have vulnerable versions of Log4j
  • find which apps have the vulnerability (and others like it) 
  • most urgently, stop attacks against it, today, without waiting for a patch or WAF signature
  • most importantly, future proof your code and protect against the many zero-days to come

Erik Costlow is a software security expert with extensive Java experience. He manages developer relations for Contrast Security, weaving sensors into applications, giving them the ability to detect security threats based on how the application uses its data. Erik was the principal product manager in Oracle focused on security of Java 8, joining at the height of hacks and departing after a two-year absence of zero-day vulnerabilities. 

Presenter: Erik Costlow

Presenter: Erik Costlow

Developer Relations, Contrast Security

Contact Working Group Program Manager, Kiersten Patton, at kpatton@atarc.org to be added to this presentation

Zoom for Government enables ATARC remote collaboration opportunities through its cloud platform for video and audio conferencing, chats and webinars across all devices. Allowing for individuals from all areas of government, industry and academia to communicate directly.