
Log4j Scanner Blindspots

3 years ago thenewstack.io

Summary: This is a summary of an article originally published by The New Stack.

Thanks to Log4j's (https://logging.apache.org/log4j/) popularity and its ability to hide in code, we have landmines hiding in our infrastructure due to Log4Shell (https://thenewstack.io/log4shell-we-are-in-so-much-trouble/). The bad news is that Rezilion (https://www.rezilion.com/), a programming security company, has found that Log4j scanners have blind spots (https://www.rezilion.com/blog/log4j-blindspots-what-your-scanner-is-still-missing/). The problem with detecting Log4Shell within packaged software in production environments is that Java code can be nested a few layers deep inside other files.

Salting the wound, Java code can be buried many levels down in these formats.

For example, Rezilion found that while tools can detect vulnerable Log4j instances in multiple Java binary types with a range of file extensions, sometimes the names are the ones we’re searching for.
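The nesting problem described above, as an added example (not code from the original article or from Rezilion): a one-level scan misses a JAR that is renamed to `.bin` and buried inside a WAR inside an EAR, while a recursive scan that detects archives by ZIP magic bytes finds it. The marker class path, function names and sample file names are assumptions chosen for illustration; a hit only shows that a Log4j JNDI lookup class is packaged, so the version still has to be checked.

```python
import io
import zipfile

# Assumption: this class path marks a packaged log4j-core JNDI lookup.
MARKER = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ZIP_MAGIC = b"PK\x03\x04"
MAX_DEPTH = 8  # stop on pathological nesting

def shallow_scan(data):
    """One-level view: only the entries of the outermost archive."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [n for n in zf.namelist() if n.endswith(MARKER)]

def deep_scan(data, path="", depth=0):
    """Recurse into every entry that starts with ZIP magic, whatever its name."""
    hits = []
    if depth > MAX_DEPTH:
        return hits
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits  # looked like a ZIP but is not one
    with zf:
        for info in zf.infolist():
            where = f"{path}!/{info.filename}" if path else info.filename
            if info.filename.endswith(MARKER):
                hits.append(where)
                continue
            with zf.open(info) as fh:
                head = fh.read(4)
                if head == ZIP_MAGIC:
                    hits += deep_scan(head + fh.read(), where, depth + 1)
    return hits

def make_zip(entries):
    """Build an in-memory archive from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()

def build_sample():
    """Constructed sample: JAR renamed to .bin, inside a WAR, inside an EAR."""
    jar = make_zip({MARKER: b"\xca\xfe\xba\xbe"})
    war = make_zip({"WEB-INF/lib/logging-shaded.bin": jar, "index.html": b"<html/>"})
    return make_zip({"app.war": war, "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n"})
```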
