Remote Code Execution Exploits Continue to Menace Developers
INSIGHTS / Articles

27 Apr 2022

In December, the Internet was faced with one of its gravest threats in years when the Log4Shell exploit was released for the open-source logging utility Log4j. The zero-day code-execution vulnerability meant that countless apps, including those used by large enterprise organisations, could be hacked to gain access to people's computers.

Since Log4j is incorporated into a host of popular frameworks, including Apache Struts2, Apache Solr, Apache Druid and Apache Flink, countless third-party apps were exposed to the exploit. When you add Minecraft, the best-selling game of all time, to the list, you have potentially millions of people affected by hacks.

Many apps rolled out a new version to fix the vulnerability, but users still need to be vigilant: anyone running open-source software needs to check whether it relies on Log4j for logging, while Minecraft users must steer clear of unknown servers and untrustworthy users.

Spring-loaded

Four months later, a new vulnerability, Spring4Shell, was uncovered. It affects two Spring Java products, Spring MVC and Spring WebFlux, which developers use to write and test apps.

This exploit could be used by hackers to remotely install a web-based remote-control backdoor, known as a web shell, on an affected system. When you consider that the Spring Java framework powers many websites and apps, it had the potential to affect millions of people, as Log4Shell did.

As in the case of Log4Shell, new versions of the Spring Framework and Spring Cloud Function were released to resolve the Spring4Shell vulnerability. Upgrading to a newer version of Apache Tomcat was also recommended for an additional level of protection.

Protect your code

What Log4Shell, Spring4Shell and other web shell exploits show is that apps are being left open to remote code execution. These security vulnerabilities don't happen on their own – they are unintentionally introduced by developers while working on the app.

So far, many have tended to adopt a reactive approach to cybersecurity, when a better approach is a proactive one. After all, if an application's risk posture is checked before it gets released to users, there is a chance to identify and remediate vulnerabilities before they can be introduced and exploited.

Proactive security is what we try to encourage. It includes leveraging tools that help developers keep their code clean and find vulnerabilities before they can be introduced and exploited. Solutions such as Planit Strike also come with the added flexibility of being available on-demand or integrated into a CI/CD pipeline, helping you to protect your code year-round.

Ferdinand Hagethorn

Director - Security Services

Security as a Service

Planit Strike is a low-cost Static and Dynamic Application Security Testing (SAST and DAST) solution that scans your code and applications as they are being built to find vulnerabilities before they can be introduced. It's available on-demand or can be integrated into your CI/CD pipeline, helping you to shift left and increase velocity upstream.