![]() The problem with using known vulnerable components was described very well in a paper by Jeff Williams and Arshan Dabirsiaghi titled, “ Unfortunate Reality of Insecure Libraries”. ![]() Dependency Check can currently be used to scan applications (and their dependent libraries) to identify any known vulnerable components. The OWASP contains a new entry: A9-Using Components with Known Vulnerabilities. If found, it will generate a report linking to the associated CVE entries. It does this by determining if there is a Common Platform Enumeration (CPE) identifier for a given dependency. ![]() Dependency-Check is a Software Composition Analysis (SCA) tool that attempts to detect publicly disclosed vulnerabilities contained within a project’s dependencies.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |