SaaSHub helps you find the best software and product alternatives Learn more →
Aegis4j Alternatives
Similar projects and alternatives to aegis4j
-
Apache Log4j 2
Apache Log4j 2 is a versatile, feature-rich, efficient logging API and backend for Java.
-
lunasec
LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
ysoserial
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
-
log4shell-tools
Tool that runs a test to check whether one of your applications is affected by the recent vulnerabilities in log4j: CVE-2021-44228 and CVE-2021-45046
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
aegis4j reviews and mentions
-
What's new in Java 18 for us, developers ?
The guys at Oracle have made this point on this forum quite often, but it never really hit home for me personally until the recent log4j vulnerability made me more interested in the topic and the available mitigation options (see https://github.com/gredler/aegis4j/).
-
CVE-2021-44832: New Log4j 2 vulnerability
If you've been impacted by these log4j vulnerabilities, have a look at aegis4j, a Java agent that completely disables platform features you don't use, before an attacker uses them against you (including e.g. JNDI and Java serialization).
https://github.com/gredler/aegis4j/
- Aegis4j: Avoid the Next Log4Shell Vulnerability
-
Log4j MEGATHREAD
Yep, this is why strategically patching InitialContext when the class is initially loaded will completely disable JNDI (and mitigate future JNDI-based exploits).
- aegis4j: Avoid the NEXT Log4Shell vulnerability!
-
Log4j 2.15.0 – Previously suggested mitigations may not be enough
The recent log4j vulnerability really piqued my interest, and I've spent the last few evenings working on a proof of concept Java agent that could mitigate similar vulnerabilities in the future, for applications that are able to completely forego platform features like JNDI, serialization or native process execution.
Link to the project: https://github.com/gredler/aegis4j
It's not a lot of code, but it uses parts of the platform that I think are a bit unusual for most devs, so it was quite interesting to implement. Happy to discuss details, ideas, and concerns.
One idea for a possible improvement is to make the feature block list adaptive, i.e. watch what the application uses in the first few minutes of execution, and then shut down all unused "dangerous" features for the remaining lifetime of the VM. Not sure how reliable this would be though, especially for services which have background jobs that might only run once a day.
-
A note from our sponsor - SaaSHub
www.saashub.com | 26 Apr 2024
Stats
gredler/aegis4j is an open source project licensed under Apache License 2.0 which is an OSI approved license.
The primary programming language of aegis4j is Java.
Sponsored