Get an iPad mini, ASUS ZenScreen LED Monitor, or $350 Off with OnDemand Training thru 5/19


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Struts-Shock: Current Attacks against Struts2 and How to Defend Against Them

  • Thursday, April 06, 2017 at 11:00 AM EST (2017-04-06 15:00:00 UTC)
  • Jonathan Mandell, Johannes Ullrich


  • Veracode

You can now attend the webcast using your mobile device!



The critical vulnerability discovered in the Apache Struts 2 library in March 2017 demonstrates the widespread risk that exists across many applications and websites. If exploited, these vulnerabilities can wreak havoc on the data and intellectual property that businesses work so hard to protect. Join Johannes Ullrich of the SANS Institute and Jonathan Mandell of Veracode as they provide:

  • An overview and background of the Apache Struts 2 vulnerability
  • Updates on how the vulnerability has been exploited to date
  • Strategies businesses can take to continue developing applications using open source components- without the consequences of the associated risks

Speaker Bios

Johannes Ullrich

Johannes Ullrich, dean of research at the SANS Technology Institute, is currently responsible for the SANS Internet Storm Center (ISC) and the GIAC Gold program. His research interests include IPv6, network traffic analysis and secure software development. In 2004, Network World named Johannes one of the 50 most powerful people in the networking industry, and SC Magazine named him one of the top five influential IT security thinkers for 2005. Prior to working for SANS, Johannes served as a lead support engineer for a web development company and as a research physicist.

Jonathan Mandell

Jonathan Mandell has led product management initiatives over the past decade creating SaaS solutions for both SMB and enterprise customers. He is currently Veracode’s product manager for Software Composition Analysis and mobile application security.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.