Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Log4Shell PoC exploit and mitigation demo on Kubernetes

Dec 23, 2021 By Snyk In Snyk
Demonstration of an RCE against the Log4Shell / CVE-2021-44228 vulnerability on a PoC Java EE app running on Kubernetes. I also go over a few mitigation steps you can take to reduce your exposure to this and other such exploits. References mentioned in the video: Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.
View Video
Snyk

It takes a community: Responding to open source criticism post-Log4Shell

Dec 23, 2021 By Randall Degges In Snyk

The last week has been a wild ride for just about everyone in the technology world due to the public disclosure of the Log4Shell vulnerability. As a developer security company, Snyk has built our business around proactive automation to identify and fix security issues in applications. To say we’ve been busy this week would be an understatement.

Read Post
teleport

Why Energy Infrastructure is National Security and How to Protect It

Dec 23, 2021 By Joseph Rodriguez In Teleport

I am writing this from my home office in Texas. Texas isn’t just my home. It is the home of the best brisket on the planet, some of the most iconic high tech brands in the world, and energy production that powers the global economy. In the morning, I might meet with one of the fastest growing SaaS companies in the country about achieving the rigorous FedRAMP certification so they can sell to federal agencies.

Read Post
jfrog

Catching Log4j in the Wild: Find, Fix and Fortify

Dec 23, 2021 By Gianni Truzzi In JFrog

At many organizations, the surprise discovery that the widely used Apache log4j open source software has harbored a longtime critical vulnerability was as if Scrooge and the Grinch had teamed up for the biggest holiday heist of all. Incident response teams across the globe have scrambled to remediate thousands, if not millions of applications. “For cybercriminals this is Christmas come early,” explained Theresa Payton, former White House CIO and current CEO of Fortalice Solutions.

Read Post

Snyk Code Hands-on Workshop

Dec 22, 2021 By Snyk In Snyk
Snyk Code is developer-first: embedding SAST as part of the development process, enabling developers to build software securely during development, and not trying to find and fix problems after the code is compiled. Snyk Code works in the IDEs and SCMs developers use to build and review software and provides fast, actionable, meaningful results to fix issues in real-time.
View Video
Snyk

Snyk Container in 2021: Shifting container security all the way left

Dec 22, 2021 By Jim Armstrong In Snyk

No matter how you slice it, the use of containers and Kubernetes continues to swell. And recent high profile vulnerabilities-that-shall-not-be-named have shown us how important container security is for an overall application security program. Protecting your own code, your dependencies, and the containerized services you use are all a must.

Read Post
Snyk

Snyk IaC in 2021: Leading infrastructure as code security for developers

Dec 22, 2021 By Lauren Place In Snyk

With great automation, comes great risk. The advent of infrastructure as code brought about automation for the tedium of deploying, provisioning, and managing resources in public clouds with declarative scripts. However, this automation increased the importance of creating secure IaC scripts or configurations with cloud infrastructure misconfigurations being cited as the biggest area of increased concern (58%) from 2020 to 2021 in the 2021 Snyk Cloud Native Application Security report.

Read Post

Copyright © 2026 OpsMatters™. All rights reserved.