Source: thenewstack.io

Log4j Scanner Blindspots

Category: Software, Security

Thanks to the Apache Log4j library's popularity (https://logging.apache.org/log4j/) and its ability to hide in code, we have landmines hiding in our infrastructure due to Log4Shell (https://thenewstack.io/log4shell-we-are-in-so-much-trouble/). The bad news is that Rezilion (https://www.rezilion.com/), a programming security company, has found that scanners are still missing vulnerable Log4j instances (https://www.rezilion.com/blog/log4j-blindspots-what-your-scanner-is-still-missing/). The problem with detecting Log4Shell within packaged software in production environments is that Java code can be nested a few layers deep inside other files.

Salting the wound, Java code can be buried many levels down in these formats.

For example, Rezilion found that while tools can detect vulnerable Log4j instances in multiple Java binary types with a range of file extensions, sometimes the file names aren't the ones we're searching for.
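To make the blindspot concrete, here is an added defender-side illustration (not code from the article or from Rezilion): a small Python scanner that descends into nested zip-format archives by their magic bytes rather than their file extension, looking for the JndiLookup.class path that Log4Shell scanners commonly key on. The class path, the recursion limit and the constructed three-level sample archive are assumptions of this example, not details taken from the article.

```python
import io
import zipfile

# Class path that Log4Shell scanners typically key on (assumption: the article
# does not name it; it is the JNDI lookup class shipped inside log4j-core).
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ZIP_MAGIC = b"PK\x03\x04"  # local file header that opens every zip/jar/war/ear


def scan_archive(data: bytes, path: str = "", depth: int = 0, max_depth: int = 8):
    """Recursively walk a zip-format blob and return every nested path at which
    JndiLookup.class is found. Members are recognised as archives by magic bytes,
    not by extension, so a renamed .jar (e.g. .bin) is still descended into."""
    hits = []
    if depth > max_depth or not data.startswith(ZIP_MAGIC):
        return hits
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits
    for info in zf.infolist():
        member = f"{path}!/{info.filename}" if path else info.filename
        if info.filename == JNDI_LOOKUP:
            hits.append(member)
        elif not info.is_dir():
            inner = zf.read(info)
            if inner.startswith(ZIP_MAGIC):  # nested archive, whatever it is called
                hits.extend(scan_archive(inner, member, depth + 1, max_depth))
    return hits


def build_zip(entries: dict) -> bytes:
    """Build an in-memory zip from {member_name: bytes} (used for the sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed sample: a fake log4j-core jar renamed to ".bin", packed into a WAR,
# packed into an EAR. Only the member *path* matters here, not real class bytes.
fake_core = build_zip({JNDI_LOOKUP: b"\xca\xfe\xba\xbe constructed fake class"})
sample_ear = build_zip({"app.war": build_zip({"WEB-INF/lib/vendor-lib.bin": fake_core})})


def sample_hits():
    """Scan the constructed EAR; an extension-only scanner would stop at .bin."""
    return scan_archive(sample_ear, "app.ear")


if __name__ == "__main__":
    for hit in sample_hits():
        print("found:", hit)
```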
