Log4j RCE Found

Tsunami Apache Log4j
  1. A general-purpose network security scanner with an extensible plugin system for detecting high-severity vulnerabilities with high confidence.

    #Security #Web Application Security #Vulnerability Scanner 3 social mentions

  2. Dependency-Check is a utility that identifies project dependencies and checks if there are any...
    Pricing:
    • Open Source
    When I started working with Scala, it really surprised me how the JVM world deals with dependencies (include an upstream jar directly in the project, as opposed to the Linux distro model where you use your distributor packages so you have security and bug fixes). I'm a big fan of Dependency Check[1]. There are hosted services that can give you security scans, but if you don't have access to that (some have a cost) or you are maintaining an open source project, Dependency Check is mostly great (there are some issues every now and then with false positives, but the maintainers are great and responsive and they deal with reports very quickly). There are also plugins for several building tools (e.g. Sbt for Scala projects). 1: https://owasp.org/www-project-dependency-check/.

    #Security #Software Development #Code Analysis 16 social mentions

  3. Log4j is a logging framework (APIs) written in Java.
    Pricing:
    • Open Source
    Does anyone know if removing the `JndiLookup` class is enough? On the Apache Log4j2 page (https://logging.apache.org/log4j/2.x/) it's stated to:
    > Remove the JndiLookup *and JndiManager* classes from the log4j-core jar.
    (emphasis mine) However, the only place where I've seen that being stated is on that page. So - is it required to remove the `JndiManager` class as well?

    #Monitoring Tools #Log Management #Error Tracking 26 social mentions
