Find and Track the Hidden Vulnerabilities Inside Your Dependencies
Offered By: Devoxx via YouTube
Course Description
Overview
Discover how to identify and monitor hidden vulnerabilities in your application dependencies in this 27-minute conference talk from Devoxx. Learn about vulnerability indexing systems like NVD and CVE, as well as severity scoring using CVSS. Explore the creation of a Continuous Security pipeline using Jenkins and open-source tools such as OWASP Dependency-Check and Dependency-Track. Gain insights into the DevSecOps philosophy and see practical demonstrations of vulnerability detection, tracking, and mitigation. Cover topics including the National Vulnerability Database, Heartbleed, common vulnerability scoring, and specific vulnerabilities in popular frameworks like Spring and Jackson. Walk through the process of fixing vulnerabilities, checking base code and dependencies, and implementing security measures using Jenkins plugins, Docker images, and API keys.
Syllabus
Intro
Risk
Introduction
National Vulnerability Database
Heartbleed
Common Vulnerability Scoring System
Dependency Check
Demo
Dependency Track
Springwood vulnerability
Jackson vulnerability
Fixing the vulnerability
Checking the base code
Checking the dependencies
Jenkins plugin
Jenkins report
Docker image
API Key
Flag Security Vulnerability
Taught by
Devoxx