OWASP Flagship Projects - OWASP Dependency-Check
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Explore OWASP Dependency-Check, a flagship project of the OWASP Foundation, in this 29-minute conference talk presented by Jeremy Long. Dive into the world of Software Composition Analysis and learn about primary data sources, including the National Vulnerability Database (NVD) and Common Vulnerability and Exposures (CVE) list. Understand the challenges in library identification, evidence-based identification issues, and strategies for dealing with false positives. Discover how to onboard an application and various use cases for dependency-check. Gain insights into vulnerability data sources and their importance in identifying security risks in software dependencies. Learn how to contribute to this open-source project and enhance the security of your applications.
Syllabus
Intro
Software Composition Analysis
Primary Data Sources
Vulnerability Data Source • National Vulnerability Database (NVD) List of Common Vulnerability and Exposures (CVE) • Each CVE entry contains • A description of the vulnerability
Library Identification Problems • Development & Security use different identifiers
Evidence Based Identification Issues
Dealing with False Positives Invalid dependency identification can be resolved using a suppression file
Onboarding an Application
Use Cases for dependency-check
How can you help?
Taught by
OWASP Foundation
Related Courses
Building Geospatial Apps on Postgres, PostGIS, & Citus at Large ScaleMicrosoft via YouTube Unlocking the Power of ML for Your JavaScript Applications with TensorFlow.js
TensorFlow via YouTube Managing the Reactive World with RxJava - Jake Wharton
ChariotSolutions via YouTube What's New in Grails 2.0
ChariotSolutions via YouTube Performance Analysis of Apache Spark and Presto in Cloud Environments
Databricks via YouTube