DZone Security Zone
Introduction to log4j2 Mitigation
The log4j2 vulnerability like the OpenSSL Heartbleed and Apache Struts vulnerabilities that came before it are poignant reminders to digital businesses that it’s not just enough to respond to a vulnerability by redeploying applications once a patch is available, you also have to be able to discover instances of the vulnerability being exploited in real time in your production platform and stop them. In this tutorial, we’ll show you how to use Deepfence ThreatMapper and ThreatStryker to help you do just that.
Deepfence ThreatMapper is an open-source security observability platform that hunts for vulnerabilities – including log4j2 – in applications in production across containers, Kubernetes, clouds, serverless environments, VMs, and bare metal, and then ranks them based on their risk of exploit. ThreatMapper eliminates the noise and false positives generated by scanning tools by further calculating the risk of exploit for each of these vulnerabilities, so that you can target the issues that present the greatest risk to the security of your applications.
Read the original article: