Strengthening the Weakest Link: How to Manage Security Vulnerabilities in Third Party Libraries Used by Your Application

Presented at AppSec USA 2015, Sept. 24, 2015, 1 p.m. (55 minutes)

Organizations are increasingly incorporating open source software into their applications. Leveraging existing software to provide generic functionality results in reduced development costs as well as faster time to market.

However, along with these benefits, this freely available software also comes with an inherent problem - security vulnerabilities. While the advantages of using open source software are obvious, the negative impact on security brought on by their use is insidious.

While organizations spend enormous effort in securing their applications, most of this effort goes toward securing the part of the application that was developed in-house. A relatively small percentage of effort goes toward evaluating vulnerabilities in open source software, if they are considered at all. This makes open source libraries the weakest link in the security chain of an application.

We will present the current status of vulnerabilities in commonly used third party libraries and their impact on your application. We will then discuss an approach to holistically secure your application: a combination of securing in-house code and managing the security risk of third party libraries that are used.
Presenters:

  • Krishnan Dhandapani - Information Security Professional - Wells Fargo
    Krishnan is currently an information security professional at Wells Fargo, involved in research and implementation of security solutions. He combines his solutions with his quest for automation. He graduated from The University of Kansas. What he learns from his profession, he loves to share as an adjunct professor. While not doing information security, he finds his moments of zen in travel, photography, and making kids laugh.