OWASP
Dependency Checker
By Dmitriy Mustafin
JavaMeetup
My experience
- I started with machine code and punched cards. I used to write in
Assembler, then in C and Pascal, C++, Delphi, C#, JavaScript, and
some other scripting languages. Now I mostly write in Java, and I'm
pretty happy with that.
- DOS (it was wonderful to have the 21h interrupt), OS/2, QNX,
Windows (my favorite so far), Linux (and Yocto as well), MacOS/iOS.
- I studied at university but I still haven't defended my thesis (and I'm
not planning on doing so anytime soon). I keep learning new things
during my work.
- I have been writing, designing, engineering, managing and solving
problems.
- Married, children, cat.
HYS Enterprise is a Dutch software
development company with more than
200 talented engineers
from all over the world
hys-enterprise.com
Agenda
- The OWASP Foundation
- Types of Vulnerabilities
- OWASP Projects
- OWASP Dependency Check
- Live Demo
- Useful Links
The OWASP Foundation
The OWASP Foundation came online on December 1st, 2001 and was established
as a not-for-profit charitable organization in the USA.
OWASP is an international organization.
All OWASP tools, documents, forums, and chapters are free and open to
anyone interested in improving application security.
www.owasp.org
Types of Vulnerabilities
OWASP Top 10 of 2017 (for prevention guidance, see the "Useful Links" slide)
● Injection
● Broken Authentication
● Sensitive Data Exposure
● XML External Entities (XXE) [NEW]
● Broken Access Control
● Security Misconfiguration
● Cross-Site Scripting (XSS)
● Insecure Deserialization [NEW]
● Using Components with Known Vulnerabilities
● Insufficient Logging & Monitoring [NEW]
OWASP Projects
More than 130 project subcategories are listed at:
https://www.owasp.org/index.php/Category:OWASP_Project
All OWASP tool, documentation, and code library projects are organized into the
following categories:
Flagship Projects: The OWASP Flagship designation is given to projects that have
demonstrated strategic value to OWASP and application security as a whole.
Lab Projects: OWASP Labs projects represent projects that have produced an OWASP reviewed
deliverable of value.
Incubator Projects: OWASP Incubator projects represent the experimental playground where
projects are still being fleshed out, ideas are still being proven, and development is still underway.
OWASP Dependency-Check
Dependency-Check is a utility that identifies project dependencies and
checks whether they have any known, publicly disclosed vulnerabilities.
It does this by deriving Common Platform Enumeration (CPE) identifiers for
each dependency from evidence such as JAR manifests and POM coordinates and
matching them against the NVD CVE data. Two practical consequences: the first
run downloads the NVD feed, so allow time and network access in CI, and loose
CPE matches can produce false positives, which should be recorded in a
suppression file after review rather than by lowering the failure threshold.
Currently, Java and .NET are supported; additional experimental support has
been added for Ruby, Node.js, Python, and limited support for C/C++ build
systems (autoconf and cmake).
The tool directly addresses one item of the OWASP Top 10: A9:2017, Using
Components with Known Vulnerabilities.
OWASP Dependency-Check - cont.
Start Page: https://www.owasp.org/index.php/OWASP_Dependency_Check#tab=Main
(!) How to use: https://jeremylong.github.io/DependencyCheck/dependency-check-maven/index.html
In short:
● Maven plugin
● Configured in the POM file
● Can fail the build when a finding reaches a CVSS threshold
Live Demo
GitLab project: http://gitlab.hysdev.com/MeetUp/owaspdependencycheck
POM-file change (inside <project> .. <build> .. <plugins>):
<plugin>
  <groupId>org.owasp</groupId>
  <artifactId>dependency-check-maven</artifactId>
  <version>4.0.0</version>
  <configuration>
    <!-- Fail the build when any finding scores at or above this CVSS value.
         1 means practically any finding fails the build (a demo setting);
         the plugin default is 11, which never fails since CVSS tops out at 10. -->
    <failBuildOnCVSS>1</failBuildOnCVSS>
  </configuration>
  <executions>
    <execution>
      <goals>
        <!-- "check" scans the dependencies and writes the report under target/;
             it binds to the verify phase by default, so "mvn verify" runs it. -->
        <goal>check</goal>
      </goals>
    </execution>
  </executions>
</plugin>
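The failBuildOnCVSS gate from the slide above, re-implemented over a Dependency-Check JSON report as an added example; this is not code from the talk's demo project or from Dependency-Check itself. It is the shape of gate you need when the scan runs via the CLI or Gradle and the pass/fail decision lives in a separate CI step. It assumes the scan was told to emit JSON (the Maven plugin's format parameter, e.g. <format>JSON</format>; confirm against the docs for your version) and that the report has a top-level "dependencies" array whose entries carry "vulnerabilities" with "cvssv2"/"cvssv3" score objects. The embedded report, jar names and CVE ids are constructed sample data, not real scan output.

```python
"""Gate a build on an OWASP Dependency-Check JSON report (added example).

Mirrors the Maven plugin's failBuildOnCVSS: exit non-zero when any dependency
carries a vulnerability scoring at or above a CVSS threshold. The report field
names used here are an assumption about the JSON report schema.
"""
import json
import sys

# Constructed sample in the shape of a Dependency-Check JSON report.
# Jar names and CVE ids are placeholders, not real findings.
SAMPLE_REPORT = {
    "dependencies": [
        {
            "fileName": "example-lib-1.0.jar",
            "vulnerabilities": [
                {"name": "CVE-2000-0001", "severity": "CRITICAL",
                 "cvssv2": {"score": 10.0},
                 "cvssv3": {"baseScore": 9.8, "baseSeverity": "CRITICAL"}},
            ],
        },
        {
            "fileName": "example-util-2.3.jar",
            "vulnerabilities": [
                # Older CVEs may carry only a v2 score.
                {"name": "CVE-2000-0002", "severity": "MEDIUM",
                 "cvssv2": {"score": 4.3}},
            ],
        },
        # Clean dependencies have no "vulnerabilities" key at all.
        {"fileName": "example-core-0.9.jar"},
    ]
}


def cvss_score(vuln):
    """Highest score attached to one vulnerability entry (v3 or v2), 0.0 if none.

    Taking the maximum of both versions is the conservative choice: a finding
    with a high v2 score and no v3 score must still trip the gate.
    """
    scores = []
    v3 = vuln.get("cvssv3") or {}
    v2 = vuln.get("cvssv2") or {}
    if "baseScore" in v3:
        scores.append(float(v3["baseScore"]))
    if "score" in v2:
        scores.append(float(v2["score"]))
    return max(scores, default=0.0)


def findings_at_or_above(report, threshold, suppressed=frozenset()):
    """Return (fileName, cve, score) for every vulnerability scoring >= threshold.

    `suppressed` holds CVE ids already reviewed as false positives; it plays the
    role of the plugin's suppression file, so reviewed noise is recorded
    explicitly instead of the threshold being raised to hide it.
    """
    hits = []
    for dep in report.get("dependencies", []):
        for vuln in dep.get("vulnerabilities") or []:
            cve = vuln.get("name", "?")
            if cve in suppressed:
                continue
            score = cvss_score(vuln)
            if score >= threshold:
                hits.append((dep.get("fileName", "?"), cve, score))
    return sorted(hits, key=lambda hit: -hit[2])


def build_should_fail(report, threshold, suppressed=frozenset()):
    """True when at least one unsuppressed finding reaches the threshold."""
    return bool(findings_at_or_above(report, threshold, suppressed))


def main(argv):
    # usage: gate.py [report.json] [threshold]
    # With no arguments the constructed sample is evaluated at threshold 7.0.
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            report = json.load(fh)
    else:
        report = SAMPLE_REPORT
    threshold = float(argv[2]) if len(argv) > 2 else 7.0
    hits = findings_at_or_above(report, threshold)
    for file_name, cve, score in hits:
        print(f"{file_name}: {cve} (CVSS {score})")
    if hits:
        print(f"FAIL: {len(hits)} finding(s) at or above CVSS {threshold}")
        return 1
    print(f"OK: no findings at or above CVSS {threshold}")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

In a pipeline this runs after mvn verify as `python gate.py target/dependency-check-report.json 7` (the Maven plugin writes its reports under target/ by default); a non-zero exit fails the job exactly as failBuildOnCVSS would inside Maven. The threshold of 1 used on the slide is fine for a demo but, combined with CPE false positives, tends to get the check disabled in practice; a threshold around 7 plus a reviewed suppression list is the setting that survives contact with a real dependency tree.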
Useful Links
About OWASP:
#1 https://docs.google.com/presentation/d/10wi1EWFCPZwCpkB6qZaBNN8mR2XfQs8sLxcj9SCsP6c/edit?pref=2&pli=1#slide=id.g1b6b483913_0_0
#2 https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project
OWASP Top 10 issues (and how to prevent): https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf
Projects: https://www.owasp.org/index.php/Category:OWASP_Project
About vulnerabilities: https://blog.sucuri.net/2018/10/owasp-top-10-security-risks-part-i.html
Thank you for your
attention!
Any Questions?