Equifax Cost of Struts Related Data Breach Still Rising

It could happen to anybody, if we’re honest with ourselves. Even if you have procedures and personnel to monitor security notices and apply patches, relying on all of that operating flawlessly every single day is just not realistic. Twenty years ago, the Struts Framework was widely used to build enterprise Java applications, and if you really use Struts, it is like mold — it winds up in your application’s roof, drywall,...

Read More

Struts 2 Cybersecurity Flaw Affects All Versions

  Veracode Reports New Apache Struts 2 Security Problem From Veracode: “On Aug. 22 [2018], the Apache Software Foundation announced that a new critical remote code execution vulnerability was found in Apache Struts 2 (CVE-2018-11776). According to the Semmle Security Research Team, who first identified and reported the vulnerability, this flaw is ‘more critical’ than the Struts vulnerability behind the massive data breach...

Read More

Struts 2 Does Not Solve the Security Problem – Moving to Spring Does

Struts 1 is End of Life Apache has made it clear that if you are using Struts 1, you need to move. The question was asked, “Given a major security problem or a serious bug is reported for Struts 1 in [the] near future, can we expect a new release with fixes?” Apache’s answer:
“As of now, actually no – that is what the EOL announcement essentially is about. Since the end of support is reached, you will either need to find...

Read More

Migrating Struts to Spring

  What’s Wrong With Struts? If you have a credit report, there’s a good chance that you’re one of the 143 million American consumers whose sensitive personal information was exposed in a data breach at Equifax, one of the nation’s three major credit reporting agencies. Here are the facts, according to Equifax. The breach lasted from mid-May through July. The hackers accessed people’s names, Social Security numbers, birth...

Read More