YoVDO

Large-Scale Software Composition Analysis: Uncovering Vulnerable Dependencies in 600 Apps

Offered By: OWASP Foundation via YouTube

Tags

Software Composition Analysis Courses Application Security Courses Vulnerability Management Courses Software Supply Chain Security Courses

Course Description

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore a comprehensive conference talk detailing the successful implementation of a large-scale Software Composition Analysis (SCA) exercise on hundreds of third-party vendor-managed applications in just two months. Learn how the Government Technology Agency Singapore utilized OWASP Dependency-Check to address risks from software supply chain attacks and tackle patch debt from emerging libraries. Discover insights on process design, automation, monitoring, and vendor interaction. Delve into topics such as challenges with outsourced app development, considerations for centralized vulnerability management tools, evaluation of SCA tools, operational architecture iterations, and methods for handling false positives. Gain valuable knowledge on suppression techniques, scanning base products, and addressing vendors' challenges of non-exploitability in this informative 51-minute presentation by Frank Liauw, Senior Red Team Engineer and AppSec Team Lead.

Syllabus

Intro
Possible Challenges with Outsourced App Development
Considerations for Centralized Vulnerability Management Tools
People, Process Technology
Evaluation of SCA Tools
SCA Tool Success Factors
SCA Tool Operational Architecture (3rd iteration)
SCA Tool Operational Architecture (4th iteration, WIP)
SCA Tool Evaluation Comparison (Revised)
False Positive from overly broad NVD CPE
Suppression Method
Scanning base products
Vendor's Challenge of non-exploitability


Taught by

OWASP Foundation

Related Courses

The Foundations of Cybersecurity
University System of Georgia via Coursera
Introduction to Cybersecurity
SecurityScoreCard via Udacity
TOTAL: CompTIA CySA+ Cybersecurity Analyst (CS0-003)
Udemy
Fundamentals of Internet Security | Secure Your Environment
Udemy
Ciberseguridad en linea
Udemy