Secure Coding: Using Components with Known Vulnerabilities

Focused View

Peter Mosmans

1:13:25

26 View

0. Course Overview

0. Course Overview.mp4

01:32

1. Using Components with Known Vulnerabilities

0. Course and Module Introduction.mp4

05:28

1. Demo- Finding Exploitable Components.mp4

04:20

2. What Is Using Components with Known Vulnerabilities-.mp4

07:16

3. OWASP Top 10 2017 and Using Components with Known Vulnerabilities.mp4

03:17

4. Software Life Cycle.mp4

02:34

5. Module Summary.mp4

01:12

2. Managing Unsupported or Out-of-date Commercial Software

0. Module Introduction.mp4

01:36

1. Common Platform Enumeration (CPE).mp4

03:24

2. Finding Published Vulnerabilities.mp4

04:00

3. Virtual Patching.mp4

03:24

4. Demo- Finding Vulnerabilities and Creating a Virtual Patch.mp4

04:34

5. Trust When Installing or Updating Components.mp4

02:22

6. Demo- Secure Installation of Node.js.mp4

04:01

7. Module Summary.mp4

01:14

3. Managing Bespoke Software That Uses Third Party Libraries

0. Module Introduction.mp4

01:43

1. Versioning.mp4

03:25

2. Software Composition Analysis.mp4

04:03

3. Automatically Mapping Software Versions against Vulnerabilities.mp4

02:10

4. Demo- Automatically Mapping Software Versions against Vulnerabilities.mp4

05:03

5. Module Summary.mp4

00:45

4. Patch Management Process

0. Module Introduction.mp4

00:35

1. Hardening.mp4

01:34

2. Patch Management Process.mp4

02:15

3. Module and Course Summary.mp4

01:38

Description

This course explains the risk of using components with known vulnerabilities. It outlines tools and strategies to reduce the overall risk. The course also discusses several methods to enhance the overall security when using third party components.

What You'll Learn?

Do you know if old components you are using are up to date, or contain published vulnerabilities? This course teaches you all about how to reduce the risk when using third-party components. First, you will learn about how to combine the abundance of open source software and component re-use. Next, you will discover how to achieve faster time to market with a plethora of languages, frameworks and package managers. Finally, you will learn about the patch management process. By the end of this course, you will know how to take a methodical approach towards reducing the risk, from installation and versioning all the way to virtual patching and software composition analysis.

More details

User Reviews

Rating

average 0

Total votes0

Focused display

Programming Fundamentals

Ethical Hacking

Penetration Testing

Peter Mosmans

Instructor's Courses

Peter started out in the nineties as software engineer working on internet banking applications for various European financial institutions. After developing, he moved to the role of defending and designing systems and networks for high-availability websites. Since 2004 he started specializing in breaking: pentesting complex and feature-rich web applications. Currently he leads a global team of highly skilled penetration testers as lead pentester. He is a contributor to several open-source penetration testing tools, and he maintains an extra-featured OpenSSL fork. He likes to speak at international security conferences and meetings, such as OWASP, BSides, OSDC and NullCon - which mixes really well with being a permanent road warrior. Home is 127.0.0.1.

Pluralsight

View courses Pluralsight

Pluralsight, LLC is an American privately held online education company that offers a variety of video training courses for software developers, IT administrators, and creative professionals through its website. Founded in 2004 by Aaron Skonnard, Keith Brown, Fritz Onion, and Bill Williams, the company has its headquarters in Farmington, Utah. As of July 2018, it uses more than 1,400 subject-matter experts as authors, and offers more than 7,000 courses in its catalog. Since first moving its courses online in 2007, the company has expanded, developing a full enterprise platform, and adding skills assessment modules.