Find and Track the hidden vulnerabilities inside your dependencies (Julien Topçu)

Devoxx
44% of applications contain critical vulnerabilities in an open source component*, even though good practices like the OWASP Top 10 have become widespread. Do not let these vulnerabilities incubate in the warm belly of your app! In this talk you'll learn how those vulnerabilities are indexed (NVD, CVE) and how their severity is scored (CVSS). You'll see how to create your first Continuous Security pipeline using Jenkins and OWASP DependencyCheck, which detects vulnerabilities, and how to track them using OWASP DependencyTrack (open-source software). Take your first step into the DevSecOps philosophy!

*www.veracode.com/products/software-composition-ana…

Voxxed Days Microservices 2018: a 2-day conference (+1 optional workshop day) devoted solely to microservices.

Follow us on:
Website: voxxeddays.com/microservices (bit.ly/vxdmicro)
Twitter: twitter.com/vxdmicroservice
LinkedIn: www.linkedin.com/in/voxxed-days-microservices-9061…
Keep in touch: t.co/pxf7cHZOpl

#developers #conference #microservices
Published 6 years ago, on 1397/08/17.
Viewed 4,331 times