Java Security: Log4J, the SecurityManager, and Funding

March 24, 2023
1410 Unique Views
< 1 min read

A demonstration of log4j exploits, which defenses people tried, and which worked.

We'll cover how groups responded effectively to patch to see what was common.

We'll also look at open source funding models, subscriptions, and bug bounty programs to see why it's sometimes hard to donate.

This talk uses actual exploit code that takes over systems through their log messages to open calculators.

Don’t Forget to Share This Post!

Erik Costlow

Author

Erik Costlow was Oracle’s principal product manager for Java 8 and 9, focused on security and performance. His security expertise involves threat modeling, code analysis, and instrumentation of security sensors. He is working to broaden this approach to security with Contrast Security. Before becoming involved in technology, Erik was a circus performer who juggled fire on a three-wheel vertical unicycle.

Thinking differently about testing

How JVM handles exceptions

Token Bucket Rate Limiter (Redis & Java)

Rate limiting with Redis: An essential guide

Fixed Window Counter Rate Limiter (Redis & Java)

Dissection of Joeffice: Open Source Office Suite in Java

How to Configure Your Java XML Parsers to Prevent XXE Attacks

How to Diagnose and Mitigate Pinning in Java’s Virtual Thread Execution

Challenge yourself with Application Observability Code Challenges

Receiving Mails in Java with IMAP or POP3

foojay: A Place for Friends of OpenJDK

Dashboard for OpenJDK Update Release Details

JDK14: New Features and Enhancements

Fun with Flags: My Top 10 Resources for JVM Flags

Performance of Modern Java on Data-Heavy Workloads: Real-Time Streaming

Performance of Modern Java on Data-Heavy Workloads: Batch Processing

How does Java handle different Images and ColorSpaces – Part 1

How does Java handle different Images and ColorSpaces – Part 2

How does Java handle different Images and ColorSpaces – Part 3

How does Java handle different Images and ColorSpaces – Part 4

Indexing all of Wikipedia, on a laptop

Working with Multiple Carets in IntelliJ IDEA

Java 17 on the Raspberry Pi

Clean Shutdown of Spring Boot Applications

Foojay Slack: bit.ly/join-foojay-slack

How to Create Mobile Apps with JavaFX (Part 1)

Beginning JavaFX Applications with IntelliJ IDE

SpringBoot 3.2 + CRaC

Project Panama for Newbies (Part 1)

Java 21 is Available Today, And It’s Quite the Update

Attending Devoxx UK?

Drop by the Digma booth and grab a cool t-shirt!

Apache Kafka Performance on Azul Platform Prime vs Vanilla OpenJDK

Learn about a number of experiments that have been conducted with Apache Kafka performance on Azul Platform Prime, compared to vanilla OpenJDK. Roughly 40% improvements in performance, both throughput and latency, are achieved.

Stable, Secure, and Affordable Java

Azul Platform Core is the #1 Oracle Java alternative, offering OpenJDK support for more versions (including Java 6 & 7) and more configurations for the greatest business value and lowest TCO.

Java: Where the Wild Code Isn’t

In the last several years, the OpenJDK community has made Java significantly safer for users and developers while at the same time making it easier to design, build, and run applications quickly.

Java users should incorporate several practices to take full benefit from the defenses of the modern JRE.

Sep 17 4,5K

Erik Costlow

Security

Project Panama for Newbies (Part 1)

In this series of articles, we will explore the APIs from OpenJDK’s Project Panama.

My intent is to show you how to be proficient in using the Foreign Linker APIs (module ‘jdk.incubator.foreign’) as it relates to Java interoperability with native code.

While this article is for newbies, I assume you know the basics of the Java language, a little bash scripting, and a familiarity with C programming concepts. If you are new to C language don’t worry I will go over the concepts later.

Aug 10 25,6K

Carl Dea

Project Panama

JEPs

7 Reasons Why, After 26 Years, Java Still Makes Sense!

After many discussions with Java developers, combined with my personal experiences with the Java community and platform, here are the key reasons why Java developers love Java after all these years!

Mar 15 22,2K

A N M Bazlur Rahman

Java Core

Opinion Java Beginner

Jakarta EE 11: Beyond the Era of Java EE

Step up your coding with the Continuous Feedback Udemy Course: Additional coupons are available

Stable, Secure, and Affordable Java

Java Security: Log4J, the SecurityManager, and Funding

Erik Costlow

Erik Costlow

Trending

Attending Devoxx UK?

Apache Kafka Performance on Azul Platform Prime vs Vanilla OpenJDK

Stable, Secure, and Affordable Java

Stable, Secure, and Affordable Java

Jakarta EE 11: Beyond the Era of Java EE

Step up your coding with the Continuous Feedback Udemy Course: Additional coupons are available

Comments (0)

Jakarta EE 11: Beyond the Era of Java EE

Step up your coding with the Continuous Feedback Udemy Course: Additional coupons are available

Stable, Secure, and Affordable Java

Do you want your ad here?

Java Security: Log4J, the SecurityManager, and Funding

Erik Costlow

Erik Costlow

Trending

Attending Devoxx UK?

Apache Kafka Performance on Azul Platform Prime vs Vanilla OpenJDK

Stable, Secure, and Affordable Java

Stable, Secure, and Affordable Java

Jakarta EE 11: Beyond the Era of Java EE

Step up your coding with the Continuous Feedback Udemy Course: Additional coupons are available

Do you want your ad here?

Related Articles

Comments (0)

Set Event Reminder

Subscribe to foojay updates:

Share with