What the .NET community can learn from the Log4Shell exploit - Dan Bergh Johnsson & Daniel Deogun

In December 2021, the Java community was hit by the Log4Shell exploit that showed the vulnerability in one of the most common Java frameworks used on the Internet. Obviously .NET isn't vulnerable to this particular attack, but we think there are important insights that apply to .NET equally well.

In this session, we will drive our analysis using Secure by Design to understand why it is important to consider architecture and design around logging – as it is often overlooked and become a potential attack surface.

Programmer with an interest for security. Uses high-quality and low-latency development to drive security. Agile aficionado, DDD enthusiast, and DevOps admirer. Author of "Secure by Design" [Manning].

Daniel Deogun is a Coder and Quality Defender who brings order to a chaotic world of bits and bytes using good design and clean code. He is author of the book Secure by Design and as a developer, Daniel started to program in 1997. His extensive experience ranges from patient critical pacemaker systems to web applications to high performant software in the gaming industry. Combining this with his passion for tech have made him a frequent speaker at conferences all over the world.

This session was recorded at Swetugg Stockholm 2023, Swetugg is run by a group of volunteers with different IT backgrounds with a common denominator: A passion for creating good software and better software developers, no matter if you are just starting your journey or have been writing code since the beginning of unix time.