Find and Track the Hidden Vulnerabilities Inside Your Dependencies
Offered By: Devoxx via YouTube
Course Description
Overview
Discover how to identify and monitor hidden vulnerabilities in your application dependencies in this 27-minute conference talk from Devoxx. Learn about vulnerability indexing systems like NVD and CVE, as well as severity scoring using CVSS. Explore the creation of a Continuous Security pipeline using Jenkins and open-source tools such as OWASP DependencyCheck and DependencyTrack. Gain insights into the DevSecOps philosophy and see practical demonstrations of vulnerability detection, tracking, and mitigation. Cover topics including the National Phenology Database, Heartbleed, common vulnerability scoring, and specific vulnerabilities in popular frameworks like Spring and Jackson. Walk through the process of fixing vulnerabilities, checking base code and dependencies, and implementing security measures using Jenkins plugins, Docker images, and API keys.
Syllabus
Intro
Risk
Introduction
National Phenology Database
Heartbleed
Common Vulnerability Scoring System
Dependency Check
Demo
Dependency Track
Springwood vulnerability
Jackson vulnerability
Fixing the vulnerability
Checking the base code
Checking the dependencies
Jenkins plugin
Jenkins report
Docker image
API Key
Flag Security Vulnerability
Taught by
Devoxx
Related Courses
DevOps CI/CD Pipeline: Automation from development to deploymentUniversidad Anáhuac via edX DevOps Pipeline: Automatización hasta el despliegue
Universidad Anáhuac via edX Exploring the Benefits of Continuous Security and Compliance for Cloud Infrastructure
Pluralsight Integrating Incident Response into DevSecOps
Pluralsight DevSecOps: Building a Secure Continuous Delivery Pipeline
LinkedIn Learning