Secure Coding: Using Components with Known Vulnerabilities

This course explains the risk of using components with known vulnerabilities. It outlines tools and strategies to reduce the overall risk. The course also discusses several methods to enhance the overall security when using third party components.
Course info
Rating
(16)
Level
Intermediate
Updated
Feb 22, 2019
Duration
1h 14m
Table of contents
Description
Course info
Rating
(16)
Level
Intermediate
Updated
Feb 22, 2019
Duration
1h 14m
Description

Do you know if old components you are using are up to date, or contain published vulnerabilities? This course teaches you all about how to reduce the risk when using third-party components. First, you will learn about how to combine the abundance of open source software and component re-use. Next, you will discover how to achieve faster time to market with a plethora of languages, frameworks and package managers. Finally, you will learn about the patch management process. By the end of this course, you will know how to take a methodical approach towards reducing the risk, from installation and versioning all the way to virtual patching and software composition analysis.

About the author
About the author

Peter started out in the nineties as software engineer working on internet banking applications for various European financial institutions. Since 2004, he started specializing in pentesting complex and feature-rich web applications. Currently, he leads a global team of highly skilled and enthusiastic penetration testers as lead pentester.

More from the author
More courses by Peter Mosmans
Section Introduction Transcripts
Section Introduction Transcripts

Course Overview
Hi everyone. My name is Peter Mosmans, and welcome to my course on Secure Coding: Using Components with Known Vulnerabilities. I am a former software developer, now a lead penetration tester working for multiple companies around the globe. Do you know whether all the components you're using are up to date? Do you know whether they contain published vulnerabilities or not? In fact, do you have an overview of all installed software and its dependencies? If you answered no to any of these questions, fear not. Using, or actually reusing, third-party components with known vulnerabilities is a wide-spread problem. Therefore, in this course, we are going to look at the underlying problems and learn new mitigation strategies and automation. Some of the major topics that we will cover include virtual patching, software component analysis tools, mapping software versions against vulnerabilities, patch management process. By the end of this course, you'll know all about using components with known vulnerabilities. Before beginning the course, you should be somewhat familiar with software development, operations, or DevOps. I hope you'll join me on this journey to reduce your risk with the Secure Coding: Using Components with Known Vulnerabilities course here at Pluralsight.