Sign up to save your podcasts
Or
Share We Hack Purple Streams! Securing Open Source Dependencies Its Not Just Your Code That You Need to Secure With Rana Khalil
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
We Hack Purple Streams! Securing Open Source Dependencies Its Not Just Your Code That You Need to Secure With Rana Khalil
The importance of open source security management made headlines in 2017 when the Equifax breach resulted in the compromise of the personal information of millions of users. The breach was attributed to the use of a known vulnerable version of the Apache Struts open source framework. Since then, we’ve seen a rise in the disclosure (and exploitation) of vulnerabilities in open source software, such as the famous Log4Shell vulnerability that was dubbed as the “worst security flaw of the decade”.
This resulted in studies being conducted and determining that open-source components make up more than half of an application codebase. The security implications of such a ratio can be significant. While organizations spend considerable time and effort ensuring that the custom code developed by them is secure, usually little to no consideration is put into evaluating the security of the used open-source components. This presentation will introduce Software Composition Analysis (SCA) - the process of identifying vulnerabilities in open-source dependencies. We’ll discuss the criteria you should consider when selecting an SCA solution and the importance of integrating such tools in your DevOps pipelines.
Rana is an application security engineer consultant currently working at C3SA. She has a diverse professional background with experience in software development, quality assurance and pentesting. She holds a Bachelor and Master’s degree in Mathematics and Computer Science from the University of Ottawa. She has spoken about her research and work at several local and international conferences. In her non-existent free time, you can find her posting educational videos and holding workshops through her Academy and YouTube channel. She has received several awards and honorable mentions for her research and contributions to the cybersecurity community.
Speaker Links:
Youtube Channel: https://www.youtube.com/c/RanaKhalil101
Academy: https://ranakhalil.com/
Twitter: https://twitter.com/rana__khalil
LinkedIn: https://www.linkedin.com/in/ranakhalil1/
Medium Blog: https://ranakhalil101.medium.com/
View all episodes
By We Hack Purple!
4.9
1414 ratings
The importance of open source security management made headlines in 2017 when the Equifax breach resulted in the compromise of the personal information of millions of users. The breach was attributed to the use of a known vulnerable version of the Apache Struts open source framework. Since then, we’ve seen a rise in the disclosure (and exploitation) of vulnerabilities in open source software, such as the famous Log4Shell vulnerability that was dubbed as the “worst security flaw of the decade”.
This resulted in studies being conducted and determining that open-source components make up more than half of an application codebase. The security implications of such a ratio can be significant. While organizations spend considerable time and effort ensuring that the custom code developed by them is secure, usually little to no consideration is put into evaluating the security of the used open-source components. This presentation will introduce Software Composition Analysis (SCA) - the process of identifying vulnerabilities in open-source dependencies. We’ll discuss the criteria you should consider when selecting an SCA solution and the importance of integrating such tools in your DevOps pipelines.
Rana is an application security engineer consultant currently working at C3SA. She has a diverse professional background with experience in software development, quality assurance and pentesting. She holds a Bachelor and Master’s degree in Mathematics and Computer Science from the University of Ottawa. She has spoken about her research and work at several local and international conferences. In her non-existent free time, you can find her posting educational videos and holding workshops through her Academy and YouTube channel. She has received several awards and honorable mentions for her research and contributions to the cybersecurity community.
Speaker Links:
Youtube Channel: https://www.youtube.com/c/RanaKhalil101
Academy: https://ranakhalil.com/
Twitter: https://twitter.com/rana__khalil
LinkedIn: https://www.linkedin.com/in/ranakhalil1/
Medium Blog: https://ranakhalil101.medium.com/
More shows like We Hack Purple Podcast
View all
Risky Business
361 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
625 Listeners
The Changelog: Software Development, Open Source
284 Listeners
Grumpy Old Geeks
6,021 Listeners
Hacked
183 Listeners
CyberWire Daily
1,007 Listeners
Soft Skills Engineering
272 Listeners
Unsupervised Learning
135 Listeners
The Application Security Podcast
36 Listeners
Smashing Security
312 Listeners
Malicious Life
928 Listeners
Darknet Diaries
7,862 Listeners
Hacking Humans
313 Listeners
Cyber Security Headlines
129 Listeners
Risky Bulletin
33 Listeners