In this short informational blog post we would like to reference two tools that check for outdated libraries.
Staying up to date
We recommend regularly checking whether new library versions are available. Ideally, one project member should subscribe to the security or announcement newsletters of vital third-party dependencies (if such channels exist). Of course, staying up to date manually is tedious and prone to incidents slipping through the net. Hence, we additionally recommend two small tools here that help to recognise whether outdated third-party libraries are in use. Both tools are free software.
OWASP Dependency Check
In this regard, we also recommend using “OWASP Dependency Check”. This utility scans a project for dependencies (e.g. all jar files in the project path) and checks them against vulnerability databases (e.g. the well-known NIST CVE database). Currently, it primarily targets Java and .NET projects. In addition to simple usage as a command line tool, Dependency Check can be integrated into the automated build process (plugins for Maven, Ant, Gradle and Jenkins are available).
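As an added example (not part of the original post and not Dependency Check's own code), the following script shows how a CI step can turn the tool's JSON report into a build gate: it reads the report, picks the CVSS score of every finding and fails the build once any dependency carries a finding at or above a threshold. The report excerpt is constructed, and the field names it uses (`dependencies`, `fileName`, `vulnerabilities`, `name`, `cvssv3.baseScore`, `cvssv2.score`) are an assumption modelled on the report layout; check them against the report your Dependency Check version writes.

```python
"""Gate a build on an OWASP Dependency Check JSON report (added example)."""
import json

# Constructed sample report: imitates the Dependency Check JSON layout, it is
# not real scanner output. Jar names and CVE ids are placeholders.
SAMPLE_REPORT = json.dumps({
    "dependencies": [
        {"fileName": "example-parser-1.0.jar",
         "vulnerabilities": [
             {"name": "CVE-EXAMPLE-0001", "severity": "CRITICAL",
              "cvssv3": {"baseScore": 9.8}},
             {"name": "CVE-EXAMPLE-0002", "severity": "MEDIUM",
              "cvssv2": {"score": 5.0}},
         ]},
        {"fileName": "example-util-2.3.jar",
         "vulnerabilities": [
             {"name": "CVE-EXAMPLE-0003", "severity": "LOW",
              "cvssv3": {"baseScore": 3.1}},
         ]},
        {"fileName": "example-logging-1.1.jar"},  # no findings at all
    ]
})


def vuln_score(vuln):
    """Return the CVSS base score of one finding, preferring CVSSv3 over v2."""
    v3 = vuln.get("cvssv3") or {}
    v2 = vuln.get("cvssv2") or {}
    return float(v3.get("baseScore") or v2.get("score") or 0.0)


def findings_above(report_json, threshold):
    """List (fileName, CVE id, score) for every finding at or above threshold,
    highest score first, so the build log shows the worst offender on top."""
    report = json.loads(report_json)
    hits = []
    for dep in report.get("dependencies", []):
        for vuln in dep.get("vulnerabilities", []):  # absent key -> no findings
            score = vuln_score(vuln)
            if score >= threshold:
                hits.append((dep["fileName"], vuln["name"], score))
    return sorted(hits, key=lambda hit: -hit[2])


def build_should_fail(report_json, threshold=7.0):
    """True when any dependency has a finding at or above the CVSS threshold."""
    return bool(findings_above(report_json, threshold))


if __name__ == "__main__":
    for file_name, cve, score in findings_above(SAMPLE_REPORT, 7.0):
        print(f"{file_name}: {cve} (CVSS {score})")
    raise SystemExit(1 if build_should_fail(SAMPLE_REPORT) else 0)
```

The Maven and Gradle plugins can apply such a threshold themselves via their `failBuildOnCVSS` setting; the script above covers the command line case, where the report is written to disk and a separate CI step decides.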