Chapter Meeting OWASP_Geneva 2015/10/19 About Me Thomas Hofer - PowerPoint PPT Presentation

Dec 31, 2022 •230 likes •335 views

OWASP Dependency-Check Chapter Meeting OWASP_Geneva 2015/10/19 About Me Thomas Hofer Java DEV / AppSec OWASP Geneva Board State of Geneva @thhofer thomas.hofer@owasp.org Outline Context How it works / Integration

OWASP Dependency-Check Chapter Meeting OWASP_Geneva 2015/10/19
About Me • Thomas Hofer • Java DEV / AppSec • OWASP Geneva Board • State of Geneva • @thhofer • thomas.hofer@owasp.org
Outline • Context • How it works / Integration • Sample results • False positives • Links • Q&A
Context • OWASP Top 10 – 2013 – A9 – Using components with known vulnerabilities • Prevalence: Widespread • Detectability: Difficult • Dependency-Check project – Java & .Net – Team: Jeremy Long, Will Stranathan, Steve Springett
How it works • Searches NVD CVE – Based on data extracted from libs compared to CPE identifiers • Can run as – Maven plugin – Ant task – Gradle plugin – Jenkins plugin
Sample results
False positives • Suppression Filters – added in 1.0.7 (Dec 2013) • Simple way to remove false positives <?xml version="1.0" encoding="UTF-8"?> <suppressions xmlns="https://www.owasp.org/index.php/OWASP_Dependency_Che ck_Suppression"> <suppress> <notes><![CDATA[ file name: spring-core-3.0.0.RELEASE.jar ]]></notes> <sha1>4F268922155FF53FB7B28AECA24FB28D5A439D95</sha1> <cpe>cpe:/a:vmware:springsource_spring_framework:3.0.0</cpe> </suppress> </suppressions>
Links • Project page https://www.owasp.org/index.php/OWASP_Dependency_Che ck • Documentation http://jeremylong.github.io/DependencyCheck/index.html • Source https://github.com/jeremylong/DependencyCheck • Jeremy's original presentation http://jeremylong.github.io/DependencyCheck/general/depe ndency-check.pdf
Q&A Questions?

Recommend

OWASP London Chapter Meeting 30th March 2017 London Chapter Chapter Leaders: Sam

OWASP London Chapter Meeting 30th March 2017 London Chapter Chapter Leaders: Sam Stepanyan (@securestep9) Sherif Mansour (@kerberosmansour) Keeping In Touch: Join the OWASP London mailing list Follow

917 views • 23 slides

Introduction to OWASP Mobile Application Security Verification Standard (MASVS) OWASP Geneva

Introduction to OWASP Mobile Application Security Verification Standard (MASVS) OWASP Geneva 12/12/2016 Jrmy MATOS whois securingapps Developer background Spent last 10 years working between Geneva and Lausanne on security products

867 views • 22 slides

CHvote towards 2.0 Evolution of the electronic voting system of Canton Geneva Bio Thomas

CHvote towards 2.0 Evolution of the electronic voting system of Canton Geneva Bio Thomas Hofer Java Dev OWASP Geneva, co-chapter leader State of Geneva @thhofer / thomas.hofer@owasp.org Outline Context Updated

723 views • 23 slides

OWASP London Chapter Meeting 27th July 2017 London Chapter Chapter Leaders: Sam

OWASP London Chapter Meeting 27th July 2017 London Chapter Chapter Leaders: Sam Stepanyan (@securestep9) Sherif Mansour (@kerberosmansour) Chapter Events: Chapter Meetings at least once every 2 months Hackathon &

564 views • 32 slides

OWASP London Chapter Meeting 28th September 2017 London Chapter Chapter Leaders: Sam

OWASP London Chapter Meeting 28th September 2017 London Chapter Chapter Leaders: Sam Stepanyan (@securestep9) Sherif Mansour (@kerberosmansour) Chapter Events: Chapter Meetings at least once every 2 months Hackathon

381 views • 35 slides

OWASP London Chapter Meeting 23rd November 2017 London Chapter Chapter Leaders: Sam

OWASP London Chapter Meeting 23rd November 2017 London Chapter Chapter Leaders: Sam Stepanyan (@securestep9) Sherif Mansour (@kerberosmansour) Chapter Events: Chapter Meetings at least once every 2 months Hackathon

424 views • 29 slides

OpenSAMM Software Assurance Maturity Model Seba Deleersnyder seba@owasp.org OWASP Foundation

The OWASP Foundation Libre Software Meeting Brussels 10-July-2013 http://www.owasp.org OpenSAMM Software Assurance Maturity Model Seba Deleersnyder seba@owasp.org OWASP Foundation Board Member OWASP Belgium Chapter Leader SAMM project

682 views • 43 slides

UC.yber; OWASP Chapter The University of Cincinnati's Official Cybersecurity Chapter What is

UC.yber; OWASP Chapter The University of Cincinnati's Official Cybersecurity Chapter What is OWASP? Open Web Application Security Project Non-profit organization focused on improving security of software. They have some GREAT info on

372 views • 9 slides

Insecurity in Informaton Technology Tanya Janca Tanya.Janca@owasp.org OWASP Otawa Chapter

Insecurity in Informaton Technology Tanya Janca Tanya.Janca@owasp.org OWASP Otawa Chapter Leader OWASP DevSlop Project Leader @SheHacksPurple About Me The Im Qualifed Slide Tanya Janca: Applicaton security evangelist, web

1k views • 82 slides

New Privacy in Android 11 and OWASP Mobile Security Albert Hsieh OWASP 200

New Privacy in Android 11 and OWASP Mobile Security Albert Hsieh OWASP 200 OWASP Flagship Projects Tool Projects OWASP Amass OWASP CSRFGuard OWASP Defectdojo OWASP Dependency-Check OWASP Dependency-Track

751 views • 55 slides

OWASP Foundation OWASP does not endorse or recommend commercial products or services , allowing our

OWASP Foundation OWASP does not endorse or recommend commercial products or services , allowing our community to remain vendor neutral with the collective wisdom of the best minds in software security worldwide. OWASP Foundation, NYC Chapter

382 views • 23 slides

Welcome to the OWASP Toronto Meetup Hello, and happy 2018! Announcement: OWASP Top 10 2017

Welcome to the OWASP Toronto Meetup Hello, and happy 2018! Announcement: OWASP Top 10 2017 Changes between 2013 and 2017 Hi, I am X. How do I get into AppSec/Security? OWASP Toronto Chapter January 17, 2018 Topics Overviews, Career Paths,

372 views • 36 slides

OWASP Daniel Brzozowski daniel@brzozowski.biz Agenda 1. Few words about OWASP 2. Owasp resources

OWASP Daniel Brzozowski daniel@brzozowski.biz Agenda 1. Few words about OWASP 2. Owasp resources 3. Setting up workstations 4. OWASP WebScarab/OWASP WebScarab-NG 5. O2 Platform About me In London since October 2010 Before that MCPD, MCTS,

747 views • 58 slides

OWASP Top Ten Kirk Jackson OWASP NZ RedShield https://www.meetup.com/ kirk@pageofwords.com

Introduction to the OWASP Top Ten Kirk Jackson OWASP NZ RedShield https://www.meetup.com/ kirk@pageofwords.com OWASP-Wellington/ http://hack-ed.com www.owasp.org.nz Recordings: @kirkj @owaspnz https://goo.gl/a2VSG2 What is OWASP? Open

880 views • 45 slides

Feedbacks on 10y of pentesting and DFIR How to increase your detection capabilities Julien

Feedbacks on 10y of pentesting and DFIR How to increase your detection capabilities Julien Bachmann @milkmix_ 24 April 2017 OWASP, Geneva INTRO 1 24/04/2017 OWASP, Geneva ABOUT ME 3 Julien Bachmann Current CTO @ Hacknowledge Swiss

677 views • 40 slides

GAVIS MEASLES AND RUBELLA STRATEGY BOARD MEETING Stefano Malvolti 2-3 December 2015, Geneva

GAVIS MEASLES AND RUBELLA STRATEGY BOARD MEETING Stefano Malvolti 2-3 December 2015, Geneva Reach every child www.gavi.org MCV1 coverage stagnated for past 5 years putting at risk achievement of GVAP goals 2015 2015* 2000 2015 2012

467 views • 10 slides

IPU Preparatory meeting in Geneva 19/ 10/ 2015 Alain DES TEXHE Rapport eur S enat or,

IPU Preparatory meeting in Geneva 19/ 10/ 2015 Alain DES TEXHE Rapport eur S enat or, Belgium Great barrier reef- Australia African Intangible Cultural Heritage Colosseum Italy Banaue, rice terraces- Philippines Incas roads

855 views • 38 slides

Pushing Left, Like a Boss Application Security Foundations Tanya Janca Tanya.Janca@owasp.org

Pushing Left, Like a Boss Application Security Foundations Tanya Janca Tanya.Janca@owasp.org OWASP Ottawa Chapter Leader OWASP DevSlop Project Leader @sheHacksPurple About Me Who am I? Im Tanya Janca; Application security evangelist, web

434 views • 30 slides

Internet of Things (IoT) OWASP Top 10 IoT Vulns and Exploits of Smart Devices ITAC 2015 29

Internet of Things (IoT) OWASP Top 10 IoT Vulns and Exploits of Smart Devices ITAC 2015 29 Sept 2015 Presen sented ed b by: Francis Brown & Steve Christiaens Bishop Fox, LLC www.bishopfox.com Agenda O V E R V I E W Introd

981 views • 86 slides

Broken Authentication: What it means, and what you can do hassan.abudu@owasp.org OWASP Top 10

Broken Authentication: What it means, and what you can do hassan.abudu@owasp.org OWASP Top 10 Vulnerabilities - 2017 Rank Name 1 Injection 2 Broken Authentication 3 Sensitive Data Exposure 4 XML External Entities 5 Broken Access

209 views • 6 slides

CEO Board presentation Seth Berkley MD 2 nd December 2015 Geneva Board meeting 2-3 December

BIGGER PICTURE GAVI UPDATES 2011-2015 RESULTS 2016-2020 REACHING EVERY CHILD GEARING UP CEO Board presentation Seth Berkley MD 2 nd December 2015 Geneva Board meeting 2-3 December 2015 THE BIGGER PICTURE Gavis involvement BIGGER

1.08k views • 74 slides

Will you be PCI DSS Compliant by September 2010? Michael DSa, Visa Canada Presentation to

Will you be PCI DSS Compliant by September 2010? Michael DSa, Visa Canada Presentation to OWASP Toronto Chapter Presentation to OWASP Toronto Chapter Toronto, ON 19 August 2009 Security Environment As PCI DSS compliance rates rise, new

581 views • 34 slides

Seventh Multi-year Expert Meeting on Commodities and Development 15-16 April 2015 Geneva

Seventh Multi-year Expert Meeting on Commodities and Development 15-16 April 2015 Geneva Strengthening Smallholder Resilience to Shocks from the Demand-Side: Emerging Evidence from the Purchase for Progress Pilot By Steven Were Omamo

296 views • 15 slides

REPORT BOARD MEETING Simon Lamb, Audit and Investigations 10-11 June 2015, Geneva Reach every

INTERNAL AUDITORS REPORT BOARD MEETING Simon Lamb, Audit and Investigations 10-11 June 2015, Geneva Reach every child Gavi Board meeting www.gavi.org 10 11 June 2015 Perspective: 2013 - 2015 Reporting to the Board and AFC

189 views • 6 slides