“Don't put off until tomorrow what you can do today” is an expression attributed to Benjamin Franklin. This certainly applies to reducing the impact of zero-day vulnerabilities. Being proactive now will dramatically reduce your zero-day risk. In March 2022 a Spring Framework related zero-day surfaced named Spring4Shell (CVE-2022-22965). This is the latest in a steady stream of similar Remote Code Execution (RCE) and injection vulnerabilities. At the end of 2021, we saw the infamous Log4Shell security incident (CVE-2021-44228). More of these are likely coming. What can you do today to eliminate or reduce the future impact of zero-days?
In this Weekly Demo, Contrast will review Spring4Shell and how proactive protection is essential for zero-days. Topics to be discussed include:
- A review of Spring4Shell
- Immediate protection recommendations
- How to protect yourself now and going forward
