Using components with known vulnerabilities enables attackers to exploit those vulnerabilities using existing tools and scripts designed for that purpose. In this video, learn how to test for components with known vulnerabilities.
- [Instructor] The ninth set of risks in the OWASP Top 10 list are flaws related to using components with known vulnerabilities. In my opinion, this category of flaws is very closely related to security misconfigurations. Ironically, OWASP actually references security misconfigurations in their Top 10 PDF and their description for this category of risks. I think the reason OWASP separates the two risks is that you can choose which security configurations you want to apply, but you're at the mercy of the vendor or the open-source community when it comes to vulnerable components. Another differentiator is that security configurations map to business risk appetite. You might choose to apply a weaker security configuration for the sake of user convenience, or because you're using another technology that just won't work if you apply the tighter security config. Fixing a vulnerable component could require much more effort than adjusting a security configuration. …
- Security frameworks
- OWASP Top Ten
- Building Security In Maturity Model (BSIMM)
- Planning your testing projects
- Creating security policies
- Source code reviews
- Application threat modeling
- Offline testing for OWASP Top Ten vulnerabilities
Skill Level Intermediate
What you should know (1m 17s)
1. Leading Practices
2. Security Documentation
3. Source Code Security Reviews
4. Offline Testing for the OWASP Top Ten (2017)
Next steps (3m 18s)