Software Composition Analysis

Focused View

Malcolm Shore

50:53

232 View

01 - Introduction

01 - Protecting against embedded component threats.mp4

00:34

02 - What you should know.mp4

00:51

03 - Disclaimer.mp4

00:54

02 - 1. Software Components

01 - Understanding software components.mp4

03:36

02 - Understanding software bill of materials (SBOM).mp4

03:08

03 - Software component licensing.mp4

02:22

04 - Software component security.mp4

03:32

05 - Running a component exploit.mp4

05:07

06 - Building your own vulnerable component.mp4

04:16

03 - 2. Software Composition Analysis Tools

01 - What is software composition analysis.mp4

05:44

02 - OWASP and the CycloneDX SBOM exchange.mp4

03:39

03 - Analyzing software with SCANOSS.mp4

02:31

04 - Thinking about component vulnerabilities.mp4

02:44

05 - Checking for software component vulnerabilities.mp4

02:52

06 - Scanning with an automated SCA tool.mp4

02:07

07 - Using the OWASP dependency checker.mp4

03:38

08 - Identifying the origin of software components.mp4

02:30

04 - Conclusion

01 - What's next.mp4

00:48

Description

Component libraries are critical for secure software development. They’re included in the frameworks used to run your end systems and web applications, but sometimes the components contain flaws. In this course, instructor Malcolm Shore gives an overview of the basic concepts of software composition analysis, showing you common tools to perform an effective analysis.

Discover the importance of knowing how to extract a software bill of materials, especially when you want to pinpoint vulnerabilities to protect your software from potential attacks. Get tips on identifying components that might lead to a security breach, as you explore which software composition analysis tools to use for each attack. Malcolm gives you pointers on using the CycloneDX SBOM exchange, SCANOSS, the ShiftLeft SCA tool, and the OWASP dependency checker. By the end of this course, you’ll be equipped with the skills to understand software component analysis and keep your software running safely and securely.

More details

User Reviews

Rating

average 0

Total votes0

Focused display

Technical Analysis

Malcolm Shore

Instructor's Courses

Wide range of IT experience ranging from systems programming to policy and strategic planning. Strong expertise in applied IT security, focused on policy and governance. Teaching post graduate security (forensics, information warfare, security management, applied cryptography) Past interests include virtual worlds and web3d developments. Current work focusing on Cloud, security architectures, and national-level cybersecurity Specialties: SABSA, Cloud, Cryptography, Cybersecurity Strategy, Network Survivability

Linkedin Learning

View courses Linkedin Learning

LinkedIn Learning is an American online learning provider. It provides video courses taught by industry experts in software, creative, and business skills. It is a subsidiary of LinkedIn. All the courses on LinkedIn fall into four categories: Business, Creative, Technology and Certifications. It was founded in 1995 by Lynda Weinman as Lynda.com before being acquired by LinkedIn in 2015. Microsoft acquired LinkedIn in December 2016.