What to Do About Log4j
Log4j does not sanitize inputs. Tactical Measures The first challenge is to find out where your code and applications might have the vulnerability. There are tools to scan for the presence of the string ”log4j” including Snyk and others. These will find any places in your source code libraries that have calls to the code. The next step is to verify whether that source code was ever actually deployed into your production environment. Sometimes developers…
Read More