Talk

Log4Shell : Armageddon or Opportunity?

Conference
Security
Voting no longer possible
Voting enabled when talk has started

It’s said that everyone remembers where they were when a momentus event occurs. Where were you on the 10 December 2021 or did the most comprehensively dangerous Java vulnerability pass you by?


Don’t be fooled into thinking it’s all over. Even by mid year the number of vulnerable servers will still be high because organisations still fail assess their vulnerability state correctly.  


In this talk I’ll cover, in detail, the actual mechanics of the vulnerability and demo a simple attack. I’ll take you through why this vulnerability can be as bad as it gets and explain what the options are to protect you application and how to assess if you’re still at risk. 


It’s not all bad news. The Log4Shell wake up call shows us that we’re not paying the right sort of attention to security across the board but we can learn to do better. I’ll end the talk with explaining why security really matters, what developers can do improve their understanding of security principles in general and cover some of the practical next steps that are available.  


Log4Shell is changing our world - let’s make sure its for the right reasons. Opportunity is knocking on your door.


Steve Poole

Sonatype

Me