Mitigating the Log4j vulnerability.

Hardik Maru, Security Consultant at SecureLayer7, walked teams through the live Log4j response. This is the recording.

Apache Log4j is used by thousands of enterprises to log application events. In December 2021 a remote code execution vulnerability landed at CVSS 10. Public exploits dropped within hours. Most teams discovered they were exposed by reading the news.

The session covers the root cause (JNDI lookups inside log strings), the blast radius across servers and SaaS integrations, the four patch versions Apache shipped between December 9 and December 18, and the parts of the remediation that three years later we still find missed on customer engagements.

It is built for CISOs, network admins, and CIOs scoping their own response to the next dependency-chain risk. There is always a next dependency-chain risk.