Web App Security and Apache Struts - A Post Mortem on Equifax



In September 2017, Equifax announced a major security breach. The breach may have exposed sensitive data for over 100 million US consumers. The breach was due, in part, to a vulnerability in an older release of Apache Struts 2.x.
This talk will examine the vulnerabilities in the Apache Struts framework. We will review the underlying Java code and discuss the fixes that were applied by the Apache Struts team.

Sean Sullivan is a Principal Software Engineer at HBC Digital. Sean has been a member of the HBC/Gilt team since 2011.

Bonus Topics:

• Chris Hansen will present his take-aways from JavaOne 2017 (short lightning talk).

• We will discuss ways to increase outreach and attendance for future PJUG meetings.