Keith Gregory: Mitigating Log4Shell with AWS

This talk was delivered by our AWS Practice Lead, Keith Gregory, on Tuesday, April 12th at the Philadelphia Java Users’ Group (JUG).


Overview

Log4Shell was a shock to Java developers: a core component of many Java applications, considered rock-solid by most developers, harboring a vulnerability that could give an attacker complete control over your server. Worse, the vulnerability resulted from a confluence of features, individually harmless, that were part of the library almost since its inception.

Deploying your applications in the Cloud, and using the services it provides, is one good way to mitigate the possibility of future attacks. In this talk, Keith Gregory looks at how Cloud services help you to (1) block attacks from getting in, (2) block their ability to exfiltrate data or download remote payloads, (3) prevent them from accessing sensitive information such as database passwords, and (4) perform forensic analysis if you are unlucky.

Because it’s naive to think that there isn’t another, similar vulnerability just waiting to be exploited.


About Keith Gregory

Keith Gregory has been a frequent speaker at the Philly JUG, on topics ranging from effective logging to creating an off-heap cache. In recent years he has focused on the AWS ecosystem, and is currently the AWS Practice Lead here at Chariot Solutions. You can find more information about Chariot’s cloud and data engineering practice here.

Philly Java Users’ Group

This talk was delivered on Tuesday, April 12th at the Philadelphia Java Users’ Group (JUG). More info and events from the Philly JUG can be found here. Thank you to the Philly JUG for hosting!

Sponsored By Jakarta EE, Open Source Cloud Native Java

Powered by participation, Jakarta EE is focused on enabling community-driven collaboration and open innovation for the cloud. Jakarta EE represents the best way to drive cloud-native, mission-critical applications and build upon the decades of experience of real-world deployments and developers. Learn more about Jakarta EE here.