How cloud services help to mitigate Log4Shell and its friends

Log4Shell was a shock to Java developers: a core component of many Java applications, considered rock-solid by most developers, harboring a vulnerability that could give an attacker complete control over your server. Worse, the vulnerability resulted from a confluence of features, individually harmless, that were part of the library almost since its inception.

Deploying your applications in the Cloud, and using the services it provides, is one good way to mitigate the possibility of future attacks. In this talk, Keith Gregory looks at how Cloud services help you to (1) block attacks from getting in, (2) block their ability to exfiltrate data or download remote payloads, (3) prevent them from accessing sensitive information such as database passwords, and (4) perform forensic analysis if you are unlucky.

Because it’s naive to think that there isn’t another, similar vulnerability just waiting to be exploited.

Speaker Bio: Keith Gregory
Keith Gregory has been a frequent speaker at the Philly JUG, on topics ranging from effective logging to creating an off-heap cache. In recent years he has focused on the AWS ecosystem, and is currently AWS Practice Lead at Chariot Solutions, a Fort Washington-based consulting organization.

Sponsored By: Jakarta EE - Open Source Cloud Native Java (https://jakarta.ee)
Powered by participation, Jakarta EE is focused on enabling community-driven collaboration and open innovation for the cloud. Jakarta EE represents the best way to drive cloud-native, mission-critical applications and build upon the decades of experience of real-world deployments and developers.