Remote code execution (RCE) is a class of vulnerability that we’ve heard a lot about in the news recently. Many organizations are still feeling the aftershocks of Log4shell’s exploit of Log4j. In fact, RCE does not seem to be going away. The latest Invicti research shows a 3-4x increase in code execution findings over the past three years. RCE is severe — an attacker can exfiltrate data, steal credentials, and forge database records.
In this presentation, Invicti Security Distinguished Architect, Dan Murphy, showcases the latest data around RCE and delves into techniques that even the largest of organizations with thousands of web assets could use to safeguard their web applications from RCE.