Merge pull request #243 from dwvisser/docs-index-update

Add Python, .NET to project description, fixed broken links

Former-commit-id: f192013295457df2d53853e27bc2cbcc8f09ef7b
Jeremy Long
2015-06-05 06:51:45 -04:00

@@ -1,21 +1,23 @@
About
====================
OWASP dependency-check is an open source solution the OWASP Top 10 2013 entry: [A9 -
Using Components with Known Vulnerabilities](https://www.owasp.org/index.php/Top_10_2013-A9-Using_Components_with_Known_Vulnerabilities).
Dependency-check can currently be used to scan Java applications (and their
dependent libraries) to identify known vulnerable components.
OWASP dependency-check is an open source solution the OWASP Top 10 2013 entry:
[A9 - Using Components with Known Vulnerabilities](https://www.owasp.org/index.php/Top_10_2013-A9-Using_Components_with_Known_Vulnerabilities).
Dependency-check can currently be used to scan Java, .NET and Python
applications (and their dependent libraries) to identify known vulnerable
components.
The problem with using known vulnerable components was covered in a paper by Jeff
Williams and Arshan Dabirsiaghi titled, "[The Unfortunate Reality of Insecure
Libraries](http://www1.contrastsecurity.com/the-unfortunate-reality-of-insecure-libraries?&__hssc=92971330.1.1412763139545&__hstc=92971330.5d71a97ce2c038f53e4109bfd029b71e.1412763139545.1412763139545.1412763139545.1&hsCtaTracking=7bbb964b-eac1-454d-9d5b-cc1089659590%7C816e01cf-4d75-449a-8691-bd0c6f9946a5)" (registration required).
The gist of the paper is that we as a development community include third party
libraries in our applications that contain well known published vulnerabilities
\(such as those at the [National Vulnerability Database](http://web.nvd.nist.gov/view/vuln/search)\).
The problem with using known vulnerable components was covered in a paper by
Jeff Williams and Arshan Dabirsiaghi titled, "[The Unfortunate Reality of
Insecure Libraries](http://www1.contrastsecurity.com/the-unfortunate-reality-of-insecure-libraries?&__hssc=92971330.1.1412763139545&__hstc=92971330.5d71a97ce2c038f53e4109bfd029b71e.1412763139545.1412763139545.1412763139545.1&hsCtaTracking=7bbb964b-eac1-454d-9d5b-cc1089659590%7C816e01cf-4d75-449a-8691-bd0c6f9946a5)"
(registration required). The gist of the paper is that we as a development
community include third party libraries in our applications that contain well
known published vulnerabilities \(such as those at the
[National Vulnerability Database](http://web.nvd.nist.gov/view/vuln/search)\).
More information about dependency-check can be found here:
* [How does dependency-check work](./internals.html)
* [How to read the report](./thereport.html)
* [How does dependency-check work](general/internals.html)
* [How to read the report](general/thereport.html)
* [The OWASP dependency-check mailing list](./mail-lists.html)
OWASP dependency-check's core analysis engine can be used as:
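Review bot: The rewrapped opening sentence of the About section still reads "is an open source solution the OWASP Top 10 2013 entry", with a word missing after "solution"; since these lines are being rewritten anyway, fix it in this change (for example "an open source solution for the OWASP Top 10 2013 entry"). The re-added link to "The Unfortunate Reality of Insecure Libraries" also keeps its `__hssc`, `__hstc` and `hsCtaTracking` query parameters, which are visitor-tracking tokens rather than part of the page address, so the URL should be trimmed to its path before it goes into the docs. Lastly, the two documentation links move to `general/` while the mailing-list link stays at `./mail-lists.html`; since the commit message says it fixes broken links, please confirm that one still resolves.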