Online Courses
Security in the Pipeline
Dependency Management

Introduction

It is very uncommon in modern times to find an application written completely from scratch. Writing one from scratch is also probably a bad idea: reimplementing well-understood functionality such as parsers, authentication or cryptography yourself is one of the surest ways to introduce vulnerabilities that a mature library has long since fixed. Instead, modern applications make extensive use of libraries and Software Development Kits (SDKs) that provide the basic (and sometimes complex) features of the application, allowing the developer to focus on the key features and functionality of the application itself.

These libraries and SDKs are called dependencies, since our application depends on them. While dependencies make our lives a lot easier, they have to be managed securely: every dependency (and every transitive dependency it pulls in itself) becomes part of the application's overall attack surface, so a vulnerability in a library is a vulnerability in the application that ships it. In this room, we will learn about the security concepts associated with dependency management and show how a specific dependency management issue, dependency confusion, can be exploited by an attacker.


Last updated 8 months ago