A flaw in the widely used Apache Struts 2 framework was disclosed by Apache on March 6. An exploit of that vulnerability was released on March 7, leading to a breach at Equifax that exposed the data of as many as 143 million US consumers.
If you run web applications on the internet, then you most certainly have been (or are still being) probed. The team at Contrast Security continues to see exploit attempts from all over the world. Arshan Dabirsiaghi explains what Contrast Security learned from the Struts 2 exploit and details how to stop the next attack against your production apps. Arshan shares the inside scoop on how the company found, triaged, and shielded itself (and its customers) against Struts 2 attacks—all with no downtime.
This session is sponsored by Contrast Security.
Arshan Dabirsiaghi is chief scientist at Contrast Security, where he draws on experience to guide the product line, drive new products and features, and spread the gospel about binary instrumentation. Arshan is an accomplished security researcher with over 10 years of experience advising large organizations on application security. Previously, Arshan held a research role at Aspect Security, where he used static and dynamic technology to perform security assurance work, including code reviews, architecture reviews, and penetration testing. Arshan quickly discovered that securing applications was a massive undertaking—one that requires innovative, deeply accurate technology and continuous testing.
©2017, O'Reilly Media, Inc.