Maartens Notebook

All notes tagged 'cve'

Automatic scan for known vulnerabilities in dependencies

When using third-party components (be it open source or not), we all know it’s a good practice to keep your frameworks and libraries up to date. This is also one of the spearhead in the OWASP Top 10 (2013 edition): A9 - Using Components with Known Vulnerabilities. To help you assess your projects status with regard to this, OWASP.org developed the tool Dependency Check. This tool is primarily intended code bases in Java, .NET, Ruby, Node.js, and Python. Integration with various build tools is also provided for.

Posted Aug 30, 2016. Read more...