
Secure Your Application From Log4j Vulnerabilities

In the Java ecosystem, dependencies are distributed as Java archive (JAR) files, which are packages that can be used as a Java library. You can have a JAR nested in a JAR nested in a JAR. This creates many layers that all need to be investigated. Just looking at the JARs your project pulls in directly may not be enough, since Log4j could be hiding inside of another JAR file! For more information visit our website https://www.komodosec.com
To know more click here: https://bit.ly/3yM6ZTl

For further details please contact: ISR: 972 9 955 5565, USA: 1 917 5085546, UK: 44 20 37694351


Presentation Transcript


  1. Secure Your Application From Log4j Vulnerabilities A bug in the Log4j library can allow an attacker to execute arbitrary code on systems that use Log4j to write logs. Log4j is an old-timer open-source library used by many software developers and built into many Java-based platforms. A common scenario would be to write the User-Agent HTTP header to the log. However, the attacker-controlled input can be any part of the HTTP request and is not limited to the HTTP protocol. This Log4j vulnerability affects many applications, some of which you can find in any organization (e.g. VMware, AWS, Google, and many more). Some may be unique and specific to your organization alone. The challenge is finding Log4j because of the way Java packaging works. It's possible you have Log4j hiding somewhere in your application and don't even know about it.

  2. Why Is It a Challenge To Address Log4j In the Java ecosystem, dependencies are distributed as Java archive (JAR) files, which are packages that can be used as a Java library. You can have a JAR nested in a JAR nested in a JAR. This creates many layers that all need to be investigated. Just looking at the JARs your project pulls in directly may not be enough, since Log4j could be hiding inside of another JAR file!

  3. How Komodo Consulting Addresses Log4j Vulnerabilities We at Komodo Consulting scan a large number of JAR files, including deeply nested layers, identify where Log4j exists and which version it is, and report which specific vulnerabilities your software contains. We have the ability to scan your applications no matter where they reside: ● Scan a directory on disk ● Scan a container image locally ● Scan a container in a remote registry
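The nested-JAR scan that slides 2 and 3 describe, as an added Python example (not Komodo Consulting's scanner): it descends into archives nested at any depth, flags any archive carrying Log4j 2 core classes, and reads the version from the bundled Maven pom.properties. The class prefix and pom.properties path are assumed to match the layout of the official log4j-core artifact; the sample app.jar is constructed in memory.

```python
import io
import zipfile
from typing import Iterator, Tuple

# Assumed layout of an official log4j-core artifact: its classes live under this
# package path and Maven embeds the artifact version in pom.properties.
LOG4J_CLASS_PREFIX = "org/apache/logging/log4j/core/"
LOG4J_POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
NESTED_SUFFIXES = (".jar", ".war", ".ear", ".zip")


def _version_from_pom(zf: zipfile.ZipFile) -> str:
    """Read version=... from the embedded pom.properties, or 'unknown'."""
    try:
        props = zf.read(LOG4J_POM_PROPS).decode("utf-8", "replace")
    except KeyError:
        return "unknown"
    for line in props.splitlines():
        if line.startswith("version="):
            return line.split("=", 1)[1].strip()
    return "unknown"


def scan_jar_bytes(data: bytes, path: str) -> Iterator[Tuple[str, str]]:
    """Yield (nested path, version) for every archive in `data` that carries
    Log4j 2 core classes, recursing into archives nested at any depth."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return  # not a zip container, nothing to descend into
    with zf:
        names = zf.namelist()
        if any(n.startswith(LOG4J_CLASS_PREFIX) for n in names):
            yield path, _version_from_pom(zf)
        for name in names:
            if name.lower().endswith(NESTED_SUFFIXES):
                yield from scan_jar_bytes(zf.read(name), f"{path}!/{name}")


def build_sample() -> bytes:
    """Constructed fixture: app.jar -> lib/inner.jar -> log4j-core-2.14.1.jar."""
    def make(entries):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as z:
            for name, payload in entries:
                z.writestr(name, payload)
        return buf.getvalue()
    core = make([(LOG4J_CLASS_PREFIX + "LogEvent.class", b""),
                 (LOG4J_POM_PROPS, "version=2.14.1\n")])
    inner = make([("log4j-core-2.14.1.jar", core)])
    return make([("lib/inner.jar", inner)])
```

Run it over a real file with `scan_jar_bytes(open("app.jar", "rb").read(), "app.jar")`; each hit is reported as an `outer!/inner` path so the nesting that hid it is visible in the finding.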

  4. We recommend scanning source code before building, or the final application after it’s built. It’s important to scan your applications during every stage of development. Just because a source code scan is clean doesn’t mean the final build will be. Even scanning after deployment is a good idea. Maybe you didn’t pick up a critical Log4j vulnerability last week, but you might this week!

  5. Komodo Consulting is a high-end cyber security firm that specializes in Third-Party Cyber Risk Assessment, Application Security, Black-Box Penetration Testing, Red-Team Exercises, serving Fortune 500 companies in Israel, Europe, and the US. Founded by leading consulting experts with decades of experience, the team includes seasoned security specialists with worldwide information security experience along with military intelligence experts.

  6. TALK TO OUR REPRESENTATIVES USA: +1 917 5085546 UK: +44 20 37694351 ISR: +972 9 955 5565 Email: info@komodosec.com Website: https://www.komodosec.com/contact
