Using Secure by Design as a guiding principle, we reason about the fundamental problem behind the Log4j incident "Log4Shell" that hit hard in December 2021. The vulnerability hit the IT world like a Louisville Slugger, and similar ones will hit again. But the problem is not just the frameworks; it is also how we design our applications. Even if a framework becomes vulnerable, the applications need not be exploitable. So, what do we do? We walk through a few designs and design principles and see what this incident can teach us about how systems should be designed.

Check out more of our featured speakers and talks at https://ndcconferences.com/ and https://ndc-security.com/