Practical Approach to Automate the Discovery and Eradication of Open-Source Software Vulnerabilities
Offered By: Black Hat via YouTube
Syllabus
Intro
The Benefits of Open Source Software
Open source security is a strange thing
Typo squatting
Package Masking
Ownership transfer
Dangling references
Picking a target for infection
How do dependencies get infected?
How can we protect ourselves from supply chain attacks?
Netflix Microservice Architecture
Design principles for our approach
Build open source vulnerability database
Vulnerability Triage
Risk Strategy Table - Example 1
Requirements for effective vulnerability remediation
Understanding minimum version update problem
First order dependency problem
Yarn Selective dependency resolutions - Example
Dependency lock updates
Security Change Campaigns
Security Change Campaign - Blacklist
Vulnerable method use detection
Better remediation (slack bot remediation)
Questions we ask for organizational metrics
Blackhat sound bytes
Taught by
Black Hat