Speaker: Simon Maple
(He / him / his)
Field CTO @snyksec
Session + Live Q&A
Securing Java Applications in the Age of Log4Shell
On December 10th 2021, a new critical vulnerability, Log4Shell, was publicly disclosed and made global headlines. It impacted a large number of applications on the internet, allowing attackers to remotely execute code within vulnerable applications worldwide.
In this session, we'll briefly cover what caused the issue, how it can be exploited, and most importantly, how it can be mitigated through upgrades, or defended against in WAF configurations and more.
The majority of the session will look at how we can be more proactive and defensive in our decisions for future Log4Shell-like scenarios. We'll take a look at where risk is being introduced into our applications and pipelines, and how we can identify and reduce this risk up front, as well as be better prepared to react to these types of incidents in future.
Session + Live Q&A
Panel: Java in a Modern World - Beyond Cloud Native?
New Java is a bit like old Java, but it’s faster, nimbler, changes often, and is designed for the cloud. What does this mean for us? Can we continue developing Java the same old way, or do we need to be adapting? And if so, how? How do we keep pace, while staying secure? What changes should our organisations be making, and what’s next on the horizon? Join the Modern Java track speakers for a lively discussion of trends, traps, and tricks.