Apache Struts2 exploitation: Beyond putting out fires!
The unfolding of the Equifax breach shows that the attack started around two months after the vulnerability was disclosed – and the patch was made available – by the Apache Foundation. That means the vulnerability could have been eliminated with a patch long before the attack. The case exposes a persistent challenge IT and Dev pros face: it takes much longer to mitigate vulnerabilities than it takes hackers to start exploiting them. This is not a…