Top 10 Most Attackable Log4j Applications

Log4j feels like a decade ago, but we still get asked about it regularly.

At Randori, our mission is to arm defenders with the attacker’s perspective. As such, we compiled a report that outlines the most “attackable” targets (aka the most interesting internet-exposed application) affected by Log4j. 

While some felt massive blowback from Log4j exposures on their attack surfaces, others managed to weather the storm without major incident. By understanding how attackers choose what assets to go after during such exposures, defenders can help put their company in the latter category. 

In the report you’ll learn:

• The most common Log4j impacted applications and services
• The most attackable Log4j affected services, and why
• How attackers decide what assets to go after first
• The steps defenders took to successfully curtail Log4j exploitation, without patching