YoVDO

OWASP Flagship Projects - OWASP Dependency-Check

Offered By: OWASP Foundation via YouTube

Tags

Conference Talks Courses Cybersecurity Courses Application Security Courses Software Composition Analysis Courses

Course Description

Overview

Explore OWASP Dependency-Check, a flagship project of the OWASP Foundation, in this 29-minute conference talk presented by Jeremy Long. Dive into the world of Software Composition Analysis and learn about primary data sources, including the National Vulnerability Database (NVD) and Common Vulnerability and Exposures (CVE) list. Understand the challenges in library identification, evidence-based identification issues, and strategies for dealing with false positives. Discover how to onboard an application and various use cases for dependency-check. Gain insights into vulnerability data sources and their importance in identifying security risks in software dependencies. Learn how to contribute to this open-source project and enhance the security of your applications.

Syllabus

Intro
Software Composition Analysis
Primary Data Sources
Vulnerability Data Source • National Vulnerability Database (NVD) List of Common Vulnerability and Exposures (CVE) • Each CVE entry contains • A description of the vulnerability
Library Identification Problems • Development & Security use different identifiers
Evidence Based Identification Issues
Dealing with False Positives Invalid dependency identification can be resolved using a suppression file
Onboarding an Application
Use Cases for dependency-check
How can you help?


Taught by

OWASP Foundation

Related Courses

Computer Security
Stanford University via Coursera
Cryptography II
Stanford University via Coursera
Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera
Building an Information Risk Management Toolkit
University of Washington via Coursera
Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network