How open source vulnerabilities can compromise your software

How open source vulnerabilities can compromise your software with Cycode | The Big Dev Theory | S1 | Ep.3

Stuart Clark
Amazon Employee
Published Jan 24, 2023
Last Modified Apr 18, 2024
In this episode of The Big Dev Theory on Twitch, we explore the steps necessary to build a secure CI/CD flow for a Java program with a vulnerable Log4j version. Our guest is Alex Ilgayev, Head of Security Research at Cycode, who begins by constructing a simple exploit in the Kubernetes cluster and demonstrating the potential consequences. We then examine how to update the version of Log4j through basic Static Code Analysis capabilities in the source code, thereby solving the issue. Finally, the episode demonstrates how to deploy a non-vulnerable version to the cloud.
Each episode, we chat with AWS partners and bring experts with specialized knowledge in various areas of technology to provide informative and engaging live streams that help developers stay up-to-date with the latest trends and tools.

Hosts

Stuart Clark, Senior Developer Advocate @ AWS
Du'An Lightfoot, Senior Developer Advocate @ AWS

What is The Big Dev Theory?

The Big Dev Theory is a live stream broadcast every week on the AWS Twitch channel. Our live streams are designed to help developers learn about the advantages of our partner technologies and AWS. These events give developers the opportunity to learn from some of the top minds in the industry and connect with other developers who are working on similar projects, a key part of the mission to help developers build and innovate with confidence.

Any opinions in this post are those of the individual author and may not reflect the opinions of AWS.
