Articles on the topic 'log4shell' | DevsDay.ru



Development The GitHub Blog May 25, 2022, 22:22

A two-part story about how GitHub’s Product Security Engineering team rolled out Dependabot internally to track vulnerable dependencies, and how GitHub tracks and prioritizes technical debt....

Enterprise Security Dependabot

DevOps DZone DevOps April 29, 2022, 14:06

Vulnerabilities produce enormous reputational and financial risks. As a result, many companies are fascinated by security and desire to build a secure development life cycle (SSDLC). So, today we're going to discuss SAST — one of the SSDLC components......

security devops devsecops static analysis sdlc sast vulnerabilites developing ssdlc

DevOps ubuntu.com April 6, 2022, 12:37

When you use open source software, you establish a connection with its maintainers, contributors, and users. You join a community, leveraging code and knowledge. You share bugs, solutions, recommendations, and challenges. Open source accelerates inno......

robotics thestateofrobotics

Security Kaspersky Blog April 1, 2022, 14:46

A critical vulnerability, Spring4Shell, has been discovered in the popular Java framework Spring. We explain what the problem is, why it is dangerous, and how to protect yourself....

Enterprise SMB Business Threats 0day CVE-2022-22965 Spring4Shell vulnerabilities

Development habr.com March 3, 2022, 19:54

Security through obscurity works in a few rare situations: for example, setting a non-standard SSH port to protect against brute-forcing, or camouflaging a critically important object, like the owl in the photo (see code obfuscation techniques). Yes, there are such exotic......

GlobalSign company blog Open source Information security Smartphones Software Heartbleed Log4Shell Project Zero 90 days white hat ethical hacker Linux kernel camouflage obfuscation LineageOS

Security DZone Security February 19, 2022, 15:15

For what feels like an eternity at this point, we’ve discussed “shifting left” in the SDLC, taking into account security best practices from the start of software development. DevSecOps was a great leap forward, in no small part because of the emphas......

security training developers devsecops secure coding quality code vulnerabilites shifting left

Security DZone Security February 4, 2022, 15:23

In this article, I will discuss how to detect Log4j vulnerability using Red Hat Advanced Cluster Security or ACS, which will help you to protect and defend your Kubernetes cluster. ACS protects your application across build, deploy, and runtime. It p......

open source kubernetes red hat openshift log4j acs

Development Dice Insights February 4, 2022, 12:05

For years, open-source software held the edge when it came to security compared to its commercial, closed-source counterpart offerings. After all, open source has the distinct […] The post Open Source Cybersecurity Has Become a Hot Topic appea......

Headline Industry Reports Cybersecurity Open Source Programming

Security DZone Security February 2, 2022, 9:24

In this short article, I would like to elaborate on the Log4Shell vulnerability and how it might affect the Java community. Log4Shell has been a hot topic in different media since its discovery. However, not all sources describe the problem correctly......

java open source

Development Docker Blog February 1, 2022, 20:00

Yesterday, January 31, we finished our second full fiscal year since our November 2019 restructuring and recapitalization, and I couldn’t be prouder of the Docker team and what we’ve accomplished together. While it’s difficult to summarize 12 months,......

Company docker docker desktop

Security DZone Security January 22, 2022, 16:45

Introduction to log4j2 Mitigation The log4j2 vulnerability like the OpenSSL Heartbleed and Apache Struts vulnerabilities that came before it are poignant reminders to digital businesses that it’s not just enough to respond to a vulnerability by redep......

security tutorial cloud security devsecops container security log4j2 vulnerability management vulnerability detection log4shell

Security DZone Security January 20, 2022, 10:27

Last December, Log4Shell shortened the nights of many people in the JVM world. Worse, using the earthquake analogy caused many aftershocks after the initial quake. I immediately made the connection between Log4Shell and the Security Manager. At first......

security jep security manager log4shell

DevOps ubuntu.com January 13, 2022, 13:25

I will be honest, I thought that December was going to be a slow month for the robotics news. With all the holidays, I was not expecting a month with exciting announcements or events. And when I was ready to put videos of robots dancing to Christmas......

robotics ROS thestateofrobotics

Security DZone Security January 10, 2022, 16:28

If you’re an SRE, you’ve almost certainly heard all about Log4Shell, the Log4j vulnerability that some analysts are calling the worst software security flaw in decades. And you’ve also hopefully by now patched any systems you manage to fix the vulner......

security devops vulnerabilities observability sre log4j incident management incident response mitigation log4shell

Security DZone Security January 5, 2022, 11:36

A good DevSecOps strategy goes beyond having the right tools and processes in place: it requires consistent and crucially, bi-directional feedback and learning. Both security and engineering teams have such different priorities and strengths, but tha......

collaboration devsecops learning and education bi-directional learning cross-team learning

Development IntelliJ IDEA January 4, 2022, 9:00

Welcome to the January edition of our monthly collection of JVM-related news! This is my first Java Annotated Monthly; I’m taking over this project from Irina and Trisha – if I can see a little further, it is because I’m standing on the shoulde......

news java-annotated

Security DZone Security December 20, 2021, 9:25

We are following developments on the Log4Shell security vulnerability in Apache “Log4j 2” utility (CVE-2021-44228, CVE-2021-45046). We, at Theom, are actively helping multiple enterprises expose the impact of the log4j vulnerability and unders......

security cloud security data security api security data breach log4j snowflake data leak data risk management api data breach

Security DZone Security December 20, 2021, 1:41

The Log4j vulnerability tracked as CVE-2021-44228 (also known as Log4Shell) allows an attacker to execute arbitrary code in a system. If your application uses Log4j from version 2.0-alpha1 to 2.14.1, you should update to the latest version (2.16.0 at......

java security tutorial jdbc mariadb log4j log4j2 cve

Security DZone Security December 19, 2021, 16:23

Quick Overview The gravest cyber threat of modern times is upon us in the form of CVE-2021-44228. Here are some key resources: CVE-2021-44228: Apache Log4j <=2.14.1 JNDI features do not protect against attacker controlled LDAP and other JNDI rel......

security tutorial devsecops appsec infosec open source security log4j2

DevOps ubuntu.com December 16, 2021, 16:37

A high impact vulnerability was discovered in Apache Log4j 2, a widely deployed software component used by a lot of Java applications to facilitate logging. An attacker who can control the log messages or their parameters can cause the application to......

Java Security Ubuntu Server Vulnerabilities