Log4j and Java suck, but I don't use them, so I'm safe... right? Wrong. This video walks through the wrong lessons to take away from the huge Log4j remote code execution vulnerability, known as Log4Shell, and points you at the lessons you should be learning instead. While the Log4j vulnerability may not directly affect you, vulnerabilities of its type certainly do.
CHAPTERS
00:00 Hook
00:10 Intro
00:35 Log4j vulnerability explained
01:58 1. It's Java's fault
02:51 2. Avoid popular libraries
04:05 3. Avoid 'enterprise' libraries
05:02 4. Backwards compatibility is bad
06:36 5. Write your own common libraries
08:18 Lessons to learn
08:31 1. Sanitize user inputs
09:09 2. Use popular libraries
09:29 3. Keep your libraries up to date
10:19 Outro