Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Demonstration of an RCE against the Log4Shell / CVE-2021-44228 vulnerability on a PoC Java EE app running on Kubernetes. I also go over a few mitigation steps you can take to reduce your exposure to this and other such exploits. References mentioned in the video: Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.

In this recorded session, we present a live hack webinar on the Log4Shell exploit. We give a brief overview of the vulnerability and dive right into some examples of the exploit in action. We then show several real-world remediation approaches as well as other fixes outside code. We give a final round of fun demos, including container and IaC hacks as well as Java-based game hacks. We wrap up with a great list of takeaway resources and answer your questions.

Snyk Code is developer-first: embedding SAST as part of the development process, enabling developers to build software securely during development, and not trying to find and fix problems after the code is compiled. Snyk Code works in the IDEs and SCMs developers use to build and review software and provides fast, actionable, meaningful results to fix issues in real-time.

In this application live-hack with Atlassian, we demonstrate how to implement security best-practices early on in your workflow when building applications on AWS.

In this video, we show a live demonstration of the EKS default settings when deploying with Terraform. Learn how small misconfigurations can create unwanted side effects and may put clusters at risk of EKS security issues as well as how you can test and remediate.

Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.

Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.

As cloud-native technologies disrupt the Application Security (AppSec) market, forward-thinking enterprises are shifting their security to the left. A range of cutting-edge security platforms is now available, empowering developers to build secure applications within the development process. But what do secure applications look like, and why does it matter? Why are enterprises implementing security during the deployment phase?