Log4j for FTC, More JNDI, Cache Poisoning, Improving Default Configs, ThinkstScapes – ASW #179



The FTC issues a warning about taking log4j seriously, JNDI is elsewhere, cache poisoning shows challenges in normalizing strings, semgrep for refactoring configs with security in mind, the Q4 2021 ThinkstScapes quarterly, and Salesforce to require MFA. Visit https://www.securityweekly.com/asw for all the latest episodes!

Full Episode Show Notes

Hosts

John Kinsella – Co-founder & CTO at Cysense

@johnlkinsella

John Kinsella is the Chief Architect for Accurics

Mike Shema – Security Partner at Square

@Codexatron

Mike Shema is a Security Partner at Square.

Announcements

  • Don’t miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!

  • Join us January 20th to learn how to build your own security lab at home! Then join us February 16th to learn about validation techniques within applications. Finally, join us March 2nd to learn five things you can do to catch more bad guys! Don’t forget to check out our library of on-demand webcasts & technical trainings at https://securityweekly.com/ondemand.