Log4Shell Vulnerability: All You Need To Know

Webinar Description

On December 9, 2021, a researcher from the Alibaba Cloud Security Team dropped a zero-day remote code execution exploit on Twitter, targeting the extremely popular log4j logging framework for Java (specifically, the 2.x branch called Log4j2). The vulnerability was originally discovered and reported to Apache by the Alibaba cloud security team on November 24th. MITRE assigned CVE-2021-44228 to this vulnerability, which has since been dubbed Log4Shell by security researchers.

Since then, the vulnerability has been reported to be massively exploited in the wild, due to the fact that it is trivially exploitable (weaponized PoCs are available publicly) and extremely popular, and got a wide coverage on media and social networks.

Join our Senior Director Security Research expert Shachar Menashe as he discusses:

  • What is the Log4Shell vulnerability? Why is it so critical?
  • Deep dive: vulnerability root cause
  • JFrog Platform is non-affected / False positives
  • Available patches
  • Mitigations
  • Xray detection from day one, with security research data

Presenter Information

Shachar Menashe

Senior Director Security Research

Shachar has more than 10 years of experience in security research, including low-level R&D, reverse engineering and vulnerability research. Before joining JFrog, he worked as a research team leader and security architect for AR giant Magic Leap where he specialized in areas such as Linux & Android security architecture, implementing custom kernel and bootloader mitigations, and secure development lifecycle processes. This led to a successful release of Magic Leap's OS which has remained unhacked to this day. Shachar holds a BSc in Electronics Engineering and Computer Science from Tel-Aviv University.
Date:   December 16
Time:   11:00 AM PDT |2:00 PM EDT
Duration   30 minutes
Can't make it? Register anyway and we will send you the recording.

Register for this Webinar:


Release Fast Or Die

Start For Free