Speaker Details

Steve Poole

Sonatype

Me

Log4Shell : Armageddon or Opportunity?

Conference
Security

It’s said that everyone remembers where they were when a momentus event occurs. Where were you on the 10 December 2021 or did the most comprehensively dangerous Java vulnerability pass you by?


Don’t be fooled into thinking it’s all over. Even by mid year the number of vulnerable servers will still be high because organisations still fail assess their vulnerability state correctly.  


In this talk I’ll cover, in detail, the actual mechanics of the vulnerability and demo a simple attack. I’ll take you through why this vulnerability can be as bad as it gets and explain what the options are to protect you application and how to assess if you’re still at risk. 


It’s not all bad news. The Log4Shell wake up call shows us that we’re not paying the right sort of attention to security across the board but we can learn to do better. I’ll end the talk with explaining why security really matters, what developers can do improve their understanding of security principles in general and cover some of the practical next steps that are available.  


Log4Shell is changing our world - let’s make sure its for the right reasons. Opportunity is knocking on your door.


JAVA JEP'DY

Community Event
Java

Inspired by the original Jeopardy TV series, join us for a game where contestants have to use to guess the question from the clues given. For instance the clue “In Java 15 we said goodbye to this German rhinoceros”. might have the question “What is Nashorn”. Simple huh? Each successful answer scores points. Each wrong guess costs points. Winner takes all.


Join us for some fun.