Demystifying Java JNDI attacks

How this Java API, or rather its implementation, could have catastrophic consequences for your application’s security, and what you can do about it.

Ax Sharma: Sample bytecode representation of a Java application class

Basics

Attack Mechanisms

Veracode: An example of how Spring Boot actuators can be exploited by providing rogue JNDI configuration as XML input.

Prevention

Security Researcher | Tech Columnist | https://hey.ax
