Our great sponsors
-
log4j-scanner
Discontinued log4j-scanner is a project derived from other members of the open-source community by CISA to help organizations identify potentially vulnerable web services affected by the log4j vulnerabilities.
-
I have used the https://github.com/Maelstromage/Log4jSherlock Log4jSherlock scanner which is powershell based and looks on windows machines for AR, WAR, EAR, JPI, HPI files that contain the log4j libraries and vulnerable pom properties. This script creates a csv file named for each system scanned and provides locations of all AR, WAR, EAR, JPI, HPI files and details on if they contain the log4j components. This is a good way to narrow the search for a dynamic scan such as the CISA scanning tool listed above, or to just identify and patch affected instances.
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.