Log4Shell – Get Full Protection…Web App Scan!


A vulnerability scanner alone will not protect you from Log4Shell (Log4J CVE-2021-44228). You need to adopt a layered vulnerability scanning approach that includes a web scanner, so that all instances and downstream code usage are covered.


The approach should comprise the following three elements:


Perform local scanning to detect Log4J components
Remote scanning aimed at triggering behaviour related to a Log4J attack – flushing out downstream code usage
Web application scanning (WAS) to test headers and input fields

Web application scanning is an absolute must and needs to be built into your vulnerability management program. Get your free trial of Tenable.io WAS, or contact us today to gain full protection!