YoVDO

OWASP Flagship Projects - OWASP Dependency-Check

Offered By: OWASP Foundation via YouTube

Tags

Conference Talks Courses Cybersecurity Courses Application Security Courses Software Composition Analysis Courses

Course Description

Overview

Explore OWASP Dependency-Check, a flagship project of the OWASP Foundation, in this 29-minute conference talk presented by Jeremy Long. Dive into the world of Software Composition Analysis and learn about primary data sources, including the National Vulnerability Database (NVD) and Common Vulnerability and Exposures (CVE) list. Understand the challenges in library identification, evidence-based identification issues, and strategies for dealing with false positives. Discover how to onboard an application and various use cases for dependency-check. Gain insights into vulnerability data sources and their importance in identifying security risks in software dependencies. Learn how to contribute to this open-source project and enhance the security of your applications.

Syllabus

Intro
Software Composition Analysis
Primary Data Sources
Vulnerability Data Source • National Vulnerability Database (NVD) List of Common Vulnerability and Exposures (CVE) • Each CVE entry contains • A description of the vulnerability
Library Identification Problems • Development & Security use different identifiers
Evidence Based Identification Issues
Dealing with False Positives Invalid dependency identification can be resolved using a suppression file
Onboarding an Application
Use Cases for dependency-check
How can you help?


Taught by

OWASP Foundation

Related Courses

Building Geospatial Apps on Postgres, PostGIS, & Citus at Large Scale
Microsoft via YouTube
Unlocking the Power of ML for Your JavaScript Applications with TensorFlow.js
TensorFlow via YouTube
Managing the Reactive World with RxJava - Jake Wharton
ChariotSolutions via YouTube
What's New in Grails 2.0
ChariotSolutions via YouTube
Performance Analysis of Apache Spark and Presto in Cloud Environments
Databricks via YouTube