FSN-9751 Find and Track the hidden vulnerabilities inside your dependencies | Devoxx

Devoxx Belgium 2018
from Monday 12 November to Friday 16 November 2018.

Find and Track the hidden vulnerabilities inside your dependencies

Tools-in-Action

Architecture & Security
Beginner & novice level
Room 8, Tuesday from 18:15 till 18:45

44% of applications contain critical vulnerabilities in an open source component*, even though good practices like the OWASP Top 10 have become widespread.

Do not let these vulnerabilities incubate in the warm belly of your app! In this talk you'll learn how those vulnerabilities are indexed (NVD, CVE) and how their severity is scored (CVSS).

You'll see how to create your first Continuous Security pipeline using Jenkins and OWASP Dependency-Check, which detects vulnerabilities, and how to track them using OWASP Dependency-Track (both open-source software).

Take your first step into the DevSecOps philosophy!

*https://www.veracode.com/products/software-composition-analysis

security   pipelines   OWASP  
Julien Topçu
From Société Générale & OWASP Foundation member

Senior Lead Developer for Société Générale, I'm an active evangelist of "value creation" focused methodologies, such as DDD/Hexagonal Architecture, XP and Kanban #NoEstimates.

As an OWASP Foundation member, I strive to convey the DevSecOps mindset to the community. I have set up several Continuous Security pipelines at company scale.

