Secure Coding: Using Components with Known Vulnerabilities
Course info



Course info



Description
Do you know if old components you are using are up to date, or contain published vulnerabilities? This course teaches you all about how to reduce the risk when using third-party components. First, you will learn about how to combine the abundance of open source software and component re-use. Next, you will discover how to achieve faster time to market with a plethora of languages, frameworks and package managers. Finally, you will learn about the patch management process. By the end of this course, you will know how to take a methodical approach towards reducing the risk, from installation and versioning all the way to virtual patching and software composition analysis.
Section Introduction Transcripts
Course Overview
Hi everyone. My name is Peter Mosmans, and welcome to my course on Secure Coding: Using Components with Known Vulnerabilities. I am a former software developer, now a lead penetration tester working for multiple companies around the globe. Do you know whether all the components you're using are up to date? Do you know whether they contain published vulnerabilities or not? In fact, do you have an overview of all installed software and its dependencies? If you answered no to any of these questions, fear not. Using, or actually reusing, third-party components with known vulnerabilities is a wide-spread problem. Therefore, in this course, we are going to look at the underlying problems and learn new mitigation strategies and automation. Some of the major topics that we will cover include virtual patching, software component analysis tools, mapping software versions against vulnerabilities, patch management process. By the end of this course, you'll know all about using components with known vulnerabilities. Before beginning the course, you should be somewhat familiar with software development, operations, or DevOps. I hope you'll join me on this journey to reduce your risk with the Secure Coding: Using Components with Known Vulnerabilities course here at Pluralsight.