github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-01-14 07:43:40 +01:00
Code Issues Packages Projects Releases Wiki Activity

fixed links

Browse Source
This commit is contained in:
Jeremy Long
2015-06-05 07:03:15 -04:00
parent 057d3c6097
commit a89af4f6a9
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
index.html
View File

@@ -206,15 +206,15 @@
<div id="bodyColumn" class="span9" >
<h1>About</h1>
<p>OWASP dependency-check is an open source solution the OWASP Top 10 2013 entry: <a class="externalLink" href="https://www.owasp.org/index.php/Top_10_2013-A9-Using_Components_with_Known_Vulnerabilities">A9 - Using Components with Known Vulnerabilities</a>. Dependency-check can currently be used to scan Java applications (and their dependent libraries) to identify known vulnerable components.</p>
<p>OWASP dependency-check is an open source solution the OWASP Top 10 2013 entry: <a class="externalLink" href="https://www.owasp.org/index.php/Top_10_2013-A9-Using_Components_with_Known_Vulnerabilities">A9 - Using Components with Known Vulnerabilities</a>. Dependency-check can currently be used to scan Java, .NET, and Python applications (and their dependent libraries) to identify known vulnerable components.</p>
<p>The problem with using known vulnerable components was covered in a paper by Jeff Williams and Arshan Dabirsiaghi titled, &#x201c;<a class="externalLink" href="http://www1.contrastsecurity.com/the-unfortunate-reality-of-insecure-libraries?&amp;__hssc=92971330.1.1412763139545&amp;__hstc=92971330.5d71a97ce2c038f53e4109bfd029b71e.1412763139545.1412763139545.1412763139545.1&amp;hsCtaTracking=7bbb964b-eac1-454d-9d5b-cc1089659590%7C816e01cf-4d75-449a-8691-bd0c6f9946a5">The Unfortunate Reality of Insecure Libraries</a>&#x201d; (registration required). The gist of the paper is that we as a development community include third party libraries in our applications that contain well known published vulnerabilities (such as those at the <a class="externalLink" href="http://web.nvd.nist.gov/view/vuln/search">National Vulnerability Database</a>).</p>
<p>More information about dependency-check can be found here:</p>
<ul>
<li><a href="./internals.html">How does dependency-check work</a></li>
<li><a href="general/internals.html">How does dependency-check work</a></li>
<li><a href="./thereport.html">How to read the report</a></li>
<li><a href="general/thereport.html">How to read the report</a></li>
<li><a href="./mail-lists.html">The OWASP dependency-check mailing list</a></li>
</ul>