Overview
Explore groundbreaking security research revealing the first-ever Remote Code Execution (RCE) vulnerability in Apache Kafka Server in this 34-minute DEF CON 33 conference talk. Delve into the architecture of Apache Kafka, understanding how Brokers function as central server nodes managing data streams between producers and consumers, and examine the expanding ecosystem of components like Confluent ksqlDB and Schema Registry that enhance Kafka's capabilities. Learn about the hidden security threats lurking within Kafka's rich component ecosystem, where previous research focused primarily on client-side vulnerabilities while server-side exploits remained undiscovered. Discover how researchers Ji'an Zhou, Ying Zhu, and ZiYang Li identified and developed techniques to exploit RCE vulnerabilities not only in Kafka Server itself but also in other ecosystem components, potentially affecting cloud service providers and thousands of exposed Kafka servers worldwide. Gain insights into the methodology used to uncover these critical security flaws and understand the implications for organizations running Kafka infrastructure who remain unaware of these risks.
Syllabus
DEF CON 33 - Client or Server? Hidden Sword of Damocles in Kafka - Ji'an Zhou, Ying Zhu, ZiYang Li
Taught by
DEFCONConference