Chapter Meeting OWASP_Geneva 2015/10/19 About Me Thomas Hofer - PowerPoint PPT Presentation

Dec 31, 2022 •230 likes •335 views

OWASP Dependency-Check Chapter Meeting OWASP_Geneva 2015/10/19 About Me Thomas Hofer Java DEV / AppSec OWASP Geneva Board State of Geneva @thhofer thomas.hofer@owasp.org Outline Context How it works / Integration

OWASP Dependency-Check Chapter Meeting OWASP_Geneva 2015/10/19
About Me • Thomas Hofer • Java DEV / AppSec • OWASP Geneva Board • State of Geneva • @thhofer • thomas.hofer@owasp.org
Outline • Context • How it works / Integration • Sample results • False positives • Links • Q&A
Context • OWASP Top 10 – 2013 – A9 – Using components with known vulnerabilities • Prevalence: Widespread • Detectability: Difficult • Dependency-Check project – Java & .Net – Team: Jeremy Long, Will Stranathan, Steve Springett
How it works • Searches NVD CVE – Based on data extracted from libs compared to CPE identifiers • Can run as – Maven plugin – Ant task – Gradle plugin – Jenkins plugin
Sample results
False positives • Suppression Filters – added in 1.0.7 (Dec 2013) • Simple way to remove false positives <?xml version="1.0" encoding="UTF-8"?> <suppressions xmlns="https://www.owasp.org/index.php/OWASP_Dependency_Che ck_Suppression"> <suppress> <notes><![CDATA[ file name: spring-core-3.0.0.RELEASE.jar ]]></notes> <sha1>4F268922155FF53FB7B28AECA24FB28D5A439D95</sha1> <cpe>cpe:/a:vmware:springsource_spring_framework:3.0.0</cpe> </suppress> </suppressions>
Links • Project page https://www.owasp.org/index.php/OWASP_Dependency_Che ck • Documentation http://jeremylong.github.io/DependencyCheck/index.html • Source https://github.com/jeremylong/DependencyCheck • Jeremy's original presentation http://jeremylong.github.io/DependencyCheck/general/depe ndency-check.pdf
Q&A Questions?

Download Presentation

Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

OWASP London Chapter Meeting 30th March 2017 London Chapter Chapter Leaders: Sam

OWASP London Chapter Meeting 30th March 2017 London Chapter Chapter Leaders: Sam Stepanyan (@securestep9) Sherif Mansour (@kerberosmansour) Keeping In Touch: Join the OWASP London mailing list Follow

917 views • 23 slides

Introduction to OWASP Mobile Application Security Verification Standard (MASVS) OWASP Geneva

Introduction to OWASP Mobile Application Security Verification Standard (MASVS) OWASP Geneva 12/12/2016 Jrmy MATOS whois securingapps Developer background Spent last 10 years working between Geneva and Lausanne on security products

867 views • 22 slides

CHvote towards 2.0 Evolution of the electronic voting system of Canton Geneva Bio Thomas

CHvote towards 2.0 Evolution of the electronic voting system of Canton Geneva Bio Thomas Hofer Java Dev OWASP Geneva, co-chapter leader State of Geneva @thhofer / thomas.hofer@owasp.org Outline Context Updated

723 views • 23 slides

OWASP London Chapter Meeting 27th July 2017 London Chapter Chapter Leaders: Sam

OWASP London Chapter Meeting 27th July 2017 London Chapter Chapter Leaders: Sam Stepanyan (@securestep9) Sherif Mansour (@kerberosmansour) Chapter Events: Chapter Meetings at least once every 2 months Hackathon &

564 views • 32 slides

OWASP London Chapter Meeting 28th September 2017 London Chapter Chapter Leaders: Sam

OWASP London Chapter Meeting 28th September 2017 London Chapter Chapter Leaders: Sam Stepanyan (@securestep9) Sherif Mansour (@kerberosmansour) Chapter Events: Chapter Meetings at least once every 2 months Hackathon

381 views • 35 slides

OWASP London Chapter Meeting 23rd November 2017 London Chapter Chapter Leaders: Sam

OWASP London Chapter Meeting 23rd November 2017 London Chapter Chapter Leaders: Sam Stepanyan (@securestep9) Sherif Mansour (@kerberosmansour) Chapter Events: Chapter Meetings at least once every 2 months Hackathon

424 views • 29 slides

OpenSAMM Software Assurance Maturity Model Seba Deleersnyder seba@owasp.org OWASP Foundation

The OWASP Foundation Libre Software Meeting Brussels 10-July-2013 http://www.owasp.org OpenSAMM Software Assurance Maturity Model Seba Deleersnyder seba@owasp.org OWASP Foundation Board Member OWASP Belgium Chapter Leader SAMM project

682 views • 43 slides

UC.yber; OWASP Chapter The University of Cincinnati's Official Cybersecurity Chapter What is

UC.yber; OWASP Chapter The University of Cincinnati's Official Cybersecurity Chapter What is OWASP? Open Web Application Security Project Non-profit organization focused on improving security of software. They have some GREAT info on

372 views • 9 slides

Insecurity in Informaton Technology Tanya Janca Tanya.Janca@owasp.org OWASP Otawa Chapter

Insecurity in Informaton Technology Tanya Janca Tanya.Janca@owasp.org OWASP Otawa Chapter Leader OWASP DevSlop Project Leader @SheHacksPurple About Me The Im Qualifed Slide Tanya Janca: Applicaton security evangelist, web

1k views • 82 slides

New Privacy in Android 11 and OWASP Mobile Security Albert Hsieh OWASP 200

New Privacy in Android 11 and OWASP Mobile Security Albert Hsieh OWASP 200 OWASP Flagship Projects Tool Projects OWASP Amass OWASP CSRFGuard OWASP Defectdojo OWASP Dependency-Check OWASP Dependency-Track

751 views • 55 slides

OWASP Foundation OWASP does not endorse or recommend commercial products or services , allowing our

OWASP Foundation OWASP does not endorse or recommend commercial products or services , allowing our community to remain vendor neutral with the collective wisdom of the best minds in software security worldwide. OWASP Foundation, NYC Chapter

382 views • 23 slides

Welcome to the OWASP Toronto Meetup Hello, and happy 2018! Announcement: OWASP Top 10 2017

Welcome to the OWASP Toronto Meetup Hello, and happy 2018! Announcement: OWASP Top 10 2017 Changes between 2013 and 2017 Hi, I am X. How do I get into AppSec/Security? OWASP Toronto Chapter January 17, 2018 Topics Overviews, Career Paths,

372 views • 36 slides

OWASP Daniel Brzozowski daniel@brzozowski.biz Agenda 1. Few words about OWASP 2. Owasp resources

OWASP Daniel Brzozowski daniel@brzozowski.biz Agenda 1. Few words about OWASP 2. Owasp resources 3. Setting up workstations 4. OWASP WebScarab/OWASP WebScarab-NG 5. O2 Platform About me In London since October 2010 Before that MCPD, MCTS,

747 views • 58 slides

OWASP Top Ten Kirk Jackson OWASP NZ RedShield https://www.meetup.com/ kirk@pageofwords.com

Introduction to the OWASP Top Ten Kirk Jackson OWASP NZ RedShield https://www.meetup.com/ kirk@pageofwords.com OWASP-Wellington/ http://hack-ed.com www.owasp.org.nz Recordings: @kirkj @owaspnz https://goo.gl/a2VSG2 What is OWASP? Open

880 views • 45 slides

Feedbacks on 10y of pentesting and DFIR How to increase your detection capabilities Julien

Feedbacks on 10y of pentesting and DFIR How to increase your detection capabilities Julien Bachmann @milkmix_ 24 April 2017 OWASP, Geneva INTRO 1 24/04/2017 OWASP, Geneva ABOUT ME 3 Julien Bachmann Current CTO @ Hacknowledge Swiss

677 views • 40 slides

GAVIS MEASLES AND RUBELLA STRATEGY BOARD MEETING Stefano Malvolti 2-3 December 2015, Geneva

GAVIS MEASLES AND RUBELLA STRATEGY BOARD MEETING Stefano Malvolti 2-3 December 2015, Geneva Reach every child www.gavi.org MCV1 coverage stagnated for past 5 years putting at risk achievement of GVAP goals 2015 2015* 2000 2015 2012

467 views • 10 slides

Understanding the Share of IPv6 Traffic in a Dual-Stack ISP Enric Pujol, Philipp Richter, and

Understanding the Share of IPv6 Traffic in a Dual-Stack ISP Enric Pujol, Philipp Richter, and Anja Feldmann PAM 2017, Sydney, Australia IPv6 adoption metrics User end hosts Server-side measurements e.g., Google reports 20% of the hosts have

869 views • 40 slides

IPv6 Deployment Planning: 12 Steps to Enable IPv6 in an ISP Network LACNIC 28

IPv6 Deployment Planning: 12 Steps to Enable IPv6 in an ISP Network LACNIC 28 Montevideo, Uruguay Septiembre 2017 Jordi Palet (jordi.palet@theipv6company.com) - 1 1. Prefix request How many customers do you have? Home

198 views • 16 slides

POLICY UNDERSTANDING WITH COMMUNICATION AND TRAINING THE POLICY MANAGEMENT ILLUSTRATED SERIES

BEYOND THE SHELF - ENSURING POLICY UNDERSTANDING WITH COMMUNICATION AND TRAINING THE POLICY MANAGEMENT ILLUSTRATED SERIES PART THREE SPEAKERS Michael Rasmussen, GRC Research Analyst and Pundit, GRC 20/20 and OCEG Fellow Robert OBrien,

614 views • 32 slides

Analyzing IPv6 address assignment practices Ramakrishna Padmanabhan, John Rula, Philipp

Analyzing IPv6 address assignment practices Ramakrishna Padmanabhan, John Rula, Philipp Richter, Stephen Strowes, Alberto Dainotti Goal: Understand the stability of IPv6 addresses How long do devices retain their IPv6 addresses?

437 views • 20 slides

2020 UNO Accounting Speakers Series FRIDAY | SEPTEMBER 18, 2020 | Zoom Webinar 8:30 8:45

2020 UNO Accounting Speakers Series FRIDAY | SEPTEMBER 18, 2020 | Zoom Webinar 8:30 8:45 Welcome: Susan Eldridge, School of Accounting Director 8:45 10:25 Keynote Speaker: Ginger White Six Sigma and the Value-Add Accountant 10:25

185 views • 7 slides

1

425 views • 19 slides

Welcome 2018 Board of Examiners Examiner Training Day 1 Introductions Name Company

Welcome 2018 Board of Examiners Examiner Training Day 1 Introductions Name Company What is your intention for examiner training? What are you famous for? 2 Team Agreement How can we make this a successful training course?

1.45k views • 132 slides

MEDIA RELEASE 9 April 2013 Raising the Bar for Quality in Private Education 1. More than 300

MEDIA RELEASE 9 April 2013 Raising the Bar for Quality in Private Education 1. More than 300 participants from the private education industry gathered today at the inaugural Private Education Conference - "Raising the Bar on Quality - to

356 views • 24 slides