Log4j Vulnerability: What you can do now
January 14, 2022, 2:00-2:30 PM ET
The most serious of vulnerabilities was just found in the most used logging framework, but DevSecOps teams can quickly identify what’s impacted and where they focus their time. It’s important for software teams to future proof their code and continually look for these types of flaws, as well as defenses that let software adapt itself to an evolving threat landscape. Historical defense techniques like Web Application Firewalls (WAFs) are incapable of addressing vulnerabilities like this because the data doesn’t just come from web input and isn’t visible with signatures.
Learn how only Contrast’s embedded approach allows you to:
- scale to find what apps have vulnerable versions of Log4j
- find which apps have the vulnerability (and others like it)
- most urgently, stop attacks against it, today, without waiting for a patch or WAF signature
- most importantly, future proof your code and protect against the many zero-days to come
Erik Costlow is a software security expert with extensive Java experience. He manages developer relations for Contrast Security, weaving sensors into applications, giving them the ability to detect security threats based on how the application uses its data. Erik was the principal product manager in Oracle focused on security of Java 8, joining at the height of hacks and departing after a two-year absence of zero-day vulnerabilities.
Presenter: Erik Costlow
Developer Relations, Contrast Security