From c3baf36eb5a1501c7e1f25536f794707676f1e7a Mon Sep 17 00:00:00 2001 From: Dale Visser Date: Thu, 4 Jun 2015 10:23:56 -0400 Subject: [PATCH 1/2] Added .NET and Python to description on site index page. Former-commit-id: 94f09b4e66452afc111db493d4e7195170441b5d --- src/site/markdown/index.md | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/src/site/markdown/index.md b/src/site/markdown/index.md index 4371952ce..a8a9ccb77 100644 --- a/src/site/markdown/index.md +++ b/src/site/markdown/index.md @@ -1,16 +1,18 @@ About ==================== -OWASP dependency-check is an open source solution the OWASP Top 10 2013 entry: [A9 - -Using Components with Known Vulnerabilities](https://www.owasp.org/index.php/Top_10_2013-A9-Using_Components_with_Known_Vulnerabilities). -Dependency-check can currently be used to scan Java applications (and their -dependent libraries) to identify known vulnerable components. +OWASP dependency-check is an open source solution the OWASP Top 10 2013 entry: +[A9 - Using Components with Known Vulnerabilities](https://www.owasp.org/index.php/Top_10_2013-A9-Using_Components_with_Known_Vulnerabilities). +Dependency-check can currently be used to scan Java, .NET and Python +applications (and their dependent libraries) to identify known vulnerable +components. -The problem with using known vulnerable components was covered in a paper by Jeff -Williams and Arshan Dabirsiaghi titled, "[The Unfortunate Reality of Insecure -Libraries](http://www1.contrastsecurity.com/the-unfortunate-reality-of-insecure-libraries?&__hssc=92971330.1.1412763139545&__hstc=92971330.5d71a97ce2c038f53e4109bfd029b71e.1412763139545.1412763139545.1412763139545.1&hsCtaTracking=7bbb964b-eac1-454d-9d5b-cc1089659590%7C816e01cf-4d75-449a-8691-bd0c6f9946a5)" (registration required). -The gist of the paper is that we as a development community include third party -libraries in our applications that contain well known published vulnerabilities -\(such as those at the [National Vulnerability Database](http://web.nvd.nist.gov/view/vuln/search)\). +The problem with using known vulnerable components was covered in a paper by +Jeff Williams and Arshan Dabirsiaghi titled, "[The Unfortunate Reality of +Insecure Libraries](http://www1.contrastsecurity.com/the-unfortunate-reality-of-insecure-libraries?&__hssc=92971330.1.1412763139545&__hstc=92971330.5d71a97ce2c038f53e4109bfd029b71e.1412763139545.1412763139545.1412763139545.1&hsCtaTracking=7bbb964b-eac1-454d-9d5b-cc1089659590%7C816e01cf-4d75-449a-8691-bd0c6f9946a5)" +(registration required). The gist of the paper is that we as a development +community include third party libraries in our applications that contain well +known published vulnerabilities \(such as those at the +[National Vulnerability Database](http://web.nvd.nist.gov/view/vuln/search)\). More information about dependency-check can be found here: From 712252eb6b06e743659cf551190147653dd21dc5 Mon Sep 17 00:00:00 2001 From: Dale Visser Date: Thu, 4 Jun 2015 10:38:01 -0400 Subject: [PATCH 2/2] Fixed broken links. Former-commit-id: b14061de70552c56a81742c1bc35ffb322f75d54 --- src/site/markdown/index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/site/markdown/index.md b/src/site/markdown/index.md index a8a9ccb77..5f0f75248 100644 --- a/src/site/markdown/index.md +++ b/src/site/markdown/index.md @@ -16,8 +16,8 @@ known published vulnerabilities \(such as those at the More information about dependency-check can be found here: -* [How does dependency-check work](./internals.html) -* [How to read the report](./thereport.html) +* [How does dependency-check work](general/internals.html) +* [How to read the report](general/thereport.html) * [The OWASP dependency-check mailing list](./mail-lists.html) OWASP dependency-check's core analysis engine can be used as: