
Detecting the Log4j vulnerability with Invicti Enterprise

This document is for:
Invicti Enterprise On-Demand, Invicti Enterprise On-Premises

Invicti Enterprise can detect whether you have Java applications vulnerable to remote code execution attacks targeting the Log4j library. A fix is already available, so the recommended course of action is to update to Log4j 2.17.0 (or newer) immediately. For further information about Log4j, see Why Log4Shell could be the worst software vulnerability ever and Log4J FAQ.
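The scanner confirms exposure from the outside; to confirm the fix has actually landed on a host, the following added example (not Invicti's code, and not part of the original page) walks a directory for jars carrying log4j-core's Maven metadata and flags any version older than the 2.17.0 release recommended above. It assumes the jar still contains its `pom.properties` (a shaded or repackaged copy may not) and constructs its own sample jars in a temporary directory.

```python
import re
import tempfile
import zipfile
from pathlib import Path

# Minimum release named in the guidance above; anything older is reported (assumption: no backport versions).
FIXED_VERSION = (2, 17, 0)
_POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?$")


def parse_version(text):
    """Turn '2.14.1' into (2, 14, 1); return None for anything that is not a plain x.y[.z] string."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    return tuple(int(p) if p is not None else 0 for p in m.groups())


def jar_log4j_version(jar_path):
    """Return the log4j-core version recorded in the jar's Maven pom.properties, or None if absent."""
    with zipfile.ZipFile(jar_path) as jar:
        for name in jar.namelist():
            if name.endswith(_POM):
                for line in jar.read(name).decode("utf-8", "replace").splitlines():
                    if line.startswith("version="):
                        return parse_version(line.split("=", 1)[1])
    return None


def find_vulnerable_log4j(root):
    """Walk `root` and return [(jar path, version tuple)] for every log4j-core older than FIXED_VERSION."""
    findings = []
    for jar in Path(root).rglob("*.jar"):
        try:
            version = jar_log4j_version(jar)
        except zipfile.BadZipFile:
            continue  # file named .jar but not a zip archive: skip it
        if version is not None and version < FIXED_VERSION:
            findings.append((str(jar), version))
    return findings


def make_sample_jar(path, version):
    """Constructed sample: a minimal jar holding only the log4j-core pom.properties entry."""
    with zipfile.ZipFile(path, "w") as jar:
        jar.writestr(_POM, f"version={version}\nartifactId=log4j-core\n")


def demo():
    """Build three constructed jars (one outdated, two at or above the fix) and return what gets flagged."""
    with tempfile.TemporaryDirectory() as tmp:
        for version in ("2.14.1", "2.17.0", "2.17.1"):
            make_sample_jar(Path(tmp) / f"log4j-core-{version}.jar", version)
        return [(Path(p).name, v) for p, v in find_vulnerable_log4j(tmp)]
```

Run `find_vulnerable_log4j("/opt/myapp")` against a real deployment root; `demo()` only exercises the constructed samples.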

This document provides a step-by-step guide on how to identify the Log4j vulnerability using Invicti Enterprise.

Whitelisting requirements

Refer to these documents to whitelist the correct IP addresses based on your region:

Detecting the Log4j vulnerability with Invicti Enterprise

To detect the Log4j vulnerability with Invicti Enterprise, follow these steps:

NOTE:

For information on how to use it with internal agents and access Invicti's Hawk server, refer to the Installing Invicti Hawk internally document.

For further information about the Invicti Hawk, see How Invicti Hawk finds vulnerabilities.

Step 1: Configuring a scan policy for Log4j

You can configure a scan policy to run a security check to detect the Log4j vulnerability in your environment.

How to configure a scan policy for Log4j

  • In Invicti Enterprise, select Policies > New Scan Policy from the left-side menu.
  • Enter a name for your new scan policy.

Creating a new scan policy in Invicti Enterprise.

  • From the Security Checks section, select Code Evaluation > Log4j Code Evaluation (Out of Band).

  • Enable the security checks you want.

TIP:

Additional attacks on the headers may extend the scan's duration.

  • Click Save.

Step 2: Scanning your application with the custom scan policy

After you create a custom scan policy that includes the Log4j checks, you can launch a scan to detect whether you are vulnerable to the Log4j attacks.

How to scan your application with the custom scan policy

  • Select Scans > New Scan from the left-side menu.

NOTE:

Before scanning your website in Invicti Enterprise, make sure you have added a website. For more information, refer to the Adding a target document.

  • In the Target URL field, type the URL.
  • In the Scan Policy dropdown, select the custom policy you created in Step 1.

Launching a new scan with a custom scan policy in Invicti Enterprise.

  • Click Launch to scan.

How to run a group scan with the custom scan policy

  • In Invicti Enterprise, select Scans > New Group Scan from the left-side menu.
  • In the Target Group dropdown, select the desired target.
  • In the Scan Policy dropdown, select the custom scan policy you created in Step 1.

Using the Log4j scan policy with a target group scan in Invicti Enterprise.

  • Click Launch to scan.

Step 3: Reviewing scan results

When you launch the scan, Invicti Enterprise crawls and attacks your web application to identify the Log4j vulnerability.

Once the scan is complete, the application will send an email containing the link to the report. If you did not configure an email notification, you can log in to Invicti Enterprise and check your report.

How to access your scan report

  • Select Scans > Recent Scans from the left-side menu.
  • Next to the relevant scan, click Report.
  • On the Scan Summary page, scroll down to the Technical Report section to view your scan report.