Struts 2 Must Die: The Life and Inevitable Death of Java’s Spaghettiest™ Framework
Eugene Rojavski at Global AppSec Tel Aviv 2019
The Struts2 Java framework started as a cool modern framework and ended up like a bomb periodically exploding in security teams’ faces. Now it is impossible to get rid of in production, and because of architectural decisions made long ago it may lead to massive damage like the Equifax breach. Take the plunge into the OGNL swamp, play the cat-and-mouse game alongside Struts2 developers and security researchers, and finally find out the prerequisites for blowing up the framework with a new exploit.
Eugene Rojavski
Application Security Researcher, Checkmarx
A passionate appsec specialist who loves to poke things until they explode. 8 years in infosec and appsec, constantly pursuing a goal to unravel the mystery of security. I enjoy coaching others on how to create "securer things".