Understanding Log4Shell: vulnerability, attacks and mitigations (livestream)

Log4Shell (CVE-2021-44228) is a zero-day vulnerability in Log4j, a popular Java logging framework, involving arbitrary code execution and environment variable leaking. The vulnerability was publicly disclosed last week and took the Java world by storm because of its widespreadness.

But what is the Log4Shell vulnerability? How does it work? What types of attacks are possible and which mitigations exist?

Join this session for answers! Java champions Roy van Rijn and Bert Jan Schrijver will dive into the vulnerability together by explaining its origin, looking at the inner workings and showing a live demo of exploiting and fixing a vulnerable Spring boot application. We'll also discuss what actions to take when you find out your application is (potentially) vulnerable and are ready to answer any remaining questions you have.

You can tune in to the stream from the comfort of your home and ask questions via the live chat. The speakers will monitor the chat for your questions and answer them as soon as they can.

This session will be presented in English and live streamed via YouTube - RSVP now for an hour of learning and fun!

Speakers: Roy van Rijn and Bert Jan Schrijver (OpenValue)

About Roy
Roy van Rijn is director at OpenValue Rotterdam and a Java Champion. He worked on numerous projects all over the Netherlands as developer, architect and agile coach. You can read more at his blog (http://www.royvanrijn.com) or follow him on Twitter (@royvanrijn).

About Bert Jan
Bert Jan is CTO at OpenValue and focuses on Java, software architecture, Continuous Delivery and DevOps. Bert Jan is a Java Champion, JavaOne Rock Star speaker, Duke's Choice Award winner and leads NLJUG, the Dutch Java User Group. He loves to share his experience by speaking at conferences, writing for the Dutch Java magazine and helping out Devoxx4Kids with teaching kids how to code. Bert Jan is easily reachable on Twitter at @bjschrijver.