We want to build, and are building, fantastic tools that accomplish various tasks. Whatever their language (C++, JS, etc.) or technology, our apps use packages or tools made by other developers, from various sources we trust (sometimes arbitrarily … simply put, we don't). This is especially true for startups and for features or products on a tight schedule. Maximum priority is given to delivering the product (sometimes to security), but we tend to offload securing the dependencies to their sources, overlooking the fact that we inherit not only their features but also their vulnerabilities.

Enter OWASP A9, Using Components with Known Vulnerabilities. This is by far the easiest and most prevalent strategy for exploiting an application, and it can be used for anything from simple reconnaissance to a root shell. It is the end result of using third-party components that have an established vulnerability in them, and there are plenty across every technology in use. A little stat shows that most breaches are caused by using components that had a vulnerability in them. …

About

Prahathess

Security Generalist
