%term

Snyk Log4Shell Stranger Danger Live Hack (APJ)

Dec 29, 2021 By Snyk In Snyk

Note: As of Dec. 28, 2 PM PST, we recommend upgrading to the latest Log4j version. We give a brief overview of the vulnerability and dive right into some examples of the exploit in action. We then show several real-world remediation approaches as well as other fixes outside code.. We give a final round of fun demos, including container and IaC hacks as well as Java-based game hacks. We wrap up with a great list of takeaway resources and answer your questions.

View Video

Snyk

Read more about Snyk Log4Shell Stranger Danger Live Hack (APJ)

New Log4j 2.17.1 fixes CVE-2021-44832 remote code execution but it's not as bad as it sounds

Dec 28, 2021 By Liran Tal, Benji Catabi-Kalman In Snyk

As previously predicted to unfold, at approximately 7:35 PM GMT, 28th of December 2021, another security vulnerability impacting the Log4j logging library was published as CVE-2021-44832. This new CVE-2021-44832 security vulnerability is affecting versions up to 2.17.0, which was previously thought to be fixed. This vulnerability is similar in nature to CVE-2021-4104 which affected the 1.x branch of Log4j.

Read Post

Snyk

Read more about New Log4j 2.17.1 fixes CVE-2021-44832 remote code execution but it's not as bad as it sounds

Log4Shell PoC exploit and mitigation demo on Kubernetes

Dec 23, 2021 By Snyk In Snyk

Demonstration of an RCE against the Log4Shell / CVE-2021-44228 vulnerability on a PoC Java EE app running on Kubernetes. I also go over a few mitigation steps you can take to reduce your exposure to this and other such exploits. References mentioned in the video: Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.

View Video

Snyk

Read more about Log4Shell PoC exploit and mitigation demo on Kubernetes

It takes a community: Responding to open source criticism post-Log4Shell

Dec 23, 2021 By Randall Degges In Snyk

The last week has been a wild ride for just about everyone in the technology world due to the public disclosure of the Log4Shell vulnerability. As a developer security company, Snyk has built our business around proactive automation to identify and fix security issues in applications. To say we’ve been busy this week would be an understatement.

Read Post

Snyk

Read more about It takes a community: Responding to open source criticism post-Log4Shell

AWS Live Hack Workshop: Snyk and Terraform

Dec 22, 2021 By Snyk In Snyk

In this video, we show a live demonstration of the EKS default settings when deploying with Terraform. Learn how small misconfigurations can create unwanted side effects and may put clusters at risk of EKS security issues as well as how you can test and remediate.

View Video

Snyk

Read more about AWS Live Hack Workshop: Snyk and Terraform

JavaScript type confusion: Bypassed input validation (and how to remediate)

Dec 22, 2021 By Snyk In Snyk

Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.

View Video

Snyk

Read more about JavaScript type confusion: Bypassed input validation (and how to remediate)

AWS Live Hack Workshop: Snyk and Docker

Dec 22, 2021 By Snyk In Snyk

In this live demo with Snyk and Docker, we show you how to scan containerized applications on Amazon EKS using a Docker CLI tool developed by both Docker and Snyk, managing open source vulnerabilities and dependencies introduced by container base images.

View Video

Snyk

Read more about AWS Live Hack Workshop: Snyk and Docker

AWS Live Hack Workshop: Snyk and StackHawk

Dec 22, 2021 By Snyk In Snyk

In this video with Snyk and Stackhawk, you'll see a live demo on implementing automated static and dynamic security testing across a CircleCI pipeline, finding and fixing vulnerabilities without loss of performance or developer agility.

View Video

Snyk

Read more about AWS Live Hack Workshop: Snyk and StackHawk

Snyk Log4Shell Stranger Danger Live Hack

Dec 22, 2021 By Snyk In Snyk

In this recorded session, we present a live hack webinar on the Log4Shell exploit. We give a brief overview of the vulnerability and dive right into some examples of the exploit in action. We then show several real-world remediation approaches as well as other fixes outside code. We give a final round of fun demos, including container and IaC hacks as well as Java-based game hacks. We wrap up with a great list of takeaway resources and answer your questions.

View Video

Snyk

Read more about Snyk Log4Shell Stranger Danger Live Hack

Snyk Code Hands-on Workshop

Dec 22, 2021 By Snyk In Snyk

Snyk Code is developer-first: embedding SAST as part of the development process, enabling developers to build software securely during development, and not trying to find and fix problems after the code is compiled. Snyk Code works in the IDEs and SCMs developers use to build and review software and provides fast, actionable, meaningful results to fix issues in real-time.

View Video

Snyk

Read more about Snyk Code Hands-on Workshop

Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Snyk Log4Shell Stranger Danger Live Hack (APJ)

New Log4j 2.17.1 fixes CVE-2021-44832 remote code execution but it's not as bad as it sounds

Log4Shell PoC exploit and mitigation demo on Kubernetes

It takes a community: Responding to open source criticism post-Log4Shell

AWS Live Hack Workshop: Snyk and Terraform

JavaScript type confusion: Bypassed input validation (and how to remediate)

AWS Live Hack Workshop: Snyk and Docker

AWS Live Hack Workshop: Snyk and StackHawk

Snyk Log4Shell Stranger Danger Live Hack

Snyk Code Hands-on Workshop

Monthly Archive

Follow Us