Difference between revisions of "OWASP AppSec DC 2012/The Unfortunate Reality of Insecure Libraries"

From OWASP
 
(One intermediate revision by one user not shown)
Line 2:

__NOTOC__

== The Presentation  ==

− Many organizations have started application security programs to focus on finding and subsequently preventing vulnerabilities in their custom code. However, the widespread use of common libraries introduces risks that are widely ignored and unappreciated. In this study, we analyze over 113 million library downloads from the Maven Central repository of the 31 most popular Java frameworks and security libraries by over 60,000 companies. The data show that there are a surprising amount of libraries with known vulnerabilities in common use. The data reveal some very interesting facts about our use of libraries, and we conclude that most organizations do not appear to have a strong process in place for ensuring that the libraries they rely on are up-to-date and free from known vulnerabilities.

+ Many organizations have started application security programs to focus on finding and subsequently preventing vulnerabilities in their custom code. However, the widespread use of common libraries introduces risks that are widely ignored and unappreciated. In this study, we analyze over 113 million library downloads from the Maven Central repository of the 31 most popular Java frameworks and security libraries by over 500,000 companies. The data show that there are a surprising amount of libraries with known vulnerabilities in common use. We also conclude that most organizations do not appear to have a strong process in place for ensuring that the libraries they rely on are up-to-date and free from known vulnerabilities.

== The Speakers  ==

<table>

Line 14:

<td>

===Jeff Williams===

− [[Image:Owasp_logo_normal.jpg|left]]Bio TBA

+ [[Image:AppSecDC12-Williams.jpg|left]]As a pioneer in the software development and security field, Jeff Williams is one of the world's foremost experts on application security. Williams is the co-founder and CEO of Aspect Security, a consulting firm focused exclusively on application security that supports a worldwide clientele with critical applications in the government, defense, financial, healthcare, services and retail sectors. Williams and his team at Aspect Security are founding members of the Open Web Application Security Project (OWASP), through which Williams has made industry contributions including: the OWASP Top Ten, Enterprise Security API (ESAPI), Application Security Verification Standard (ASVS), Risk Rating Methodology and WebGoat. Williams holds advanced degrees in psychology, computer science and human factors, and graduated cum laude from Georgetown Law.

</td>

</tr>

</table>

<noinclude>{{:OWASP AppSec DC 2012 Footer}}</noinclude>

Latest revision as of 13:32, 25 March 2012


The Presentation

Many organizations have started application security programs to focus on finding and subsequently preventing vulnerabilities in their custom code. However, the widespread use of common libraries introduces risks that are widely ignored and unappreciated. In this study, we analyze over 113 million library downloads from the Maven Central repository of the 31 most popular Java frameworks and security libraries by over 500,000 companies. The data show that a surprising number of libraries with known vulnerabilities are in common use. We also conclude that most organizations do not appear to have a strong process in place for ensuring that the libraries they rely on are up-to-date and free from known vulnerabilities.

The Speakers

Arshan Dabirsiaghi

Bio TBA

Jeff Williams

As a pioneer in the software development and security field, Jeff Williams is one of the world's foremost experts on application security. Williams is the co-founder and CEO of Aspect Security, a consulting firm focused exclusively on application security that supports a worldwide clientele with critical applications in the government, defense, financial, healthcare, services and retail sectors. Williams and his team at Aspect Security are founding members of the Open Web Application Security Project (OWASP), through which Williams has made industry contributions including: the OWASP Top Ten, Enterprise Security API (ESAPI), Application Security Verification Standard (ASVS), Risk Rating Methodology and WebGoat. Williams holds advanced degrees in psychology, computer science and human factors, and graduated cum laude from Georgetown Law.
