Log4J/Log4Shell Video Glossary

The video has been created to explain Log4J and a little about the Log4Shell vulnerability.

Click here to view the video

Apache License: The Apache License is a permissive free software license written by the Apache Software Foundation
API: Application Programming Interface – A way to allow software to communicate using pre-agreed standards and language
Burp Suite: A Web Application attack tool/suite of tools
Defence In Depth*: The idea that you have a layered security approach, rather than relying on a single technology or system for defence
HTTP Header: Server/Client communications portion of web browsing traffic
Java: Java is a high-level, class-based, object-oriented programming language
JNDI: Java Naming and Directory Interface
LDAP*: Lightweight Directory Access Protocol – The protocol the attacker is using or simulating in order to deliver the malicious code
Lookup*: Utilising built-in commands to allow variables to be retrieved
Open Source: The original source code is made freely available and may be redistributed and modified
RMI: Remote Method Invocation – Java API
Sanitised Inputs: Validating that the input is what is expected for the field, further reading – https://cwe.mitre.org/data/definitions/20.html
Security Assessment: This point could be its own video. However, in short: this can range from a vulnerability assessment, simulating an attacker, through to working with your internal teams to help with threat hunting and defending
Vulnerability*: A weakness in software code that can be used by an attacker to exploit that system

*In the context of the Log4J video. With a different context the definition may change.

Do I have software that is vulnerable?

Check out this page from the Dutch NCSC around known software and its vulnerability status, and a post from Bleeping Computer that shows a list of known vulnerable applications.

Video and Glossary References & thanks:
