Added .NET and Python to description on site index page.

Former-commit-id: 94f09b4e66452afc111db493d4e7195170441b5d
Dale Visser
2015-06-04 10:23:56 -04:00
parent 5e635224e2
commit c3baf36eb5

@@ -1,16 +1,18 @@
About
====================
OWASP dependency-check is an open source solution the OWASP Top 10 2013 entry: [A9 -
Using Components with Known Vulnerabilities](https://www.owasp.org/index.php/Top_10_2013-A9-Using_Components_with_Known_Vulnerabilities).
Dependency-check can currently be used to scan Java applications (and their
dependent libraries) to identify known vulnerable components.
OWASP dependency-check is an open source solution the OWASP Top 10 2013 entry:
[A9 - Using Components with Known Vulnerabilities](https://www.owasp.org/index.php/Top_10_2013-A9-Using_Components_with_Known_Vulnerabilities).
Dependency-check can currently be used to scan Java, .NET and Python
applications (and their dependent libraries) to identify known vulnerable
components.
The problem with using known vulnerable components was covered in a paper by Jeff
Williams and Arshan Dabirsiaghi titled, "[The Unfortunate Reality of Insecure
Libraries](http://www1.contrastsecurity.com/the-unfortunate-reality-of-insecure-libraries?&__hssc=92971330.1.1412763139545&__hstc=92971330.5d71a97ce2c038f53e4109bfd029b71e.1412763139545.1412763139545.1412763139545.1&hsCtaTracking=7bbb964b-eac1-454d-9d5b-cc1089659590%7C816e01cf-4d75-449a-8691-bd0c6f9946a5)" (registration required).
The gist of the paper is that we as a development community include third party
libraries in our applications that contain well known published vulnerabilities
\(such as those at the [National Vulnerability Database](http://web.nvd.nist.gov/view/vuln/search)\).
The problem with using known vulnerable components was covered in a paper by
Jeff Williams and Arshan Dabirsiaghi titled, "[The Unfortunate Reality of
Insecure Libraries](http://www1.contrastsecurity.com/the-unfortunate-reality-of-insecure-libraries?&__hssc=92971330.1.1412763139545&__hstc=92971330.5d71a97ce2c038f53e4109bfd029b71e.1412763139545.1412763139545.1412763139545.1&hsCtaTracking=7bbb964b-eac1-454d-9d5b-cc1089659590%7C816e01cf-4d75-449a-8691-bd0c6f9946a5)"
(registration required). The gist of the paper is that we as a development
community include third party libraries in our applications that contain well
known published vulnerabilities \(such as those at the
[National Vulnerability Database](http://web.nvd.nist.gov/view/vuln/search)\).
More information about dependency-check can be found here:
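Review bot: The opening sentence of the About text reads "OWASP dependency-check is an open source solution the OWASP Top 10 2013 entry" on both the old and the new side, with a word missing between "solution" and "the". Since the paragraph is being rewrapped anyway, fix it in this change, for example "an open source solution to the OWASP Top 10 2013 entry". The link to "The Unfortunate Reality of Insecure Libraries" also keeps its `__hssc`, `__hstc` and `hsCtaTracking` query parameters, which look like marketing tracking values copied from someone's browser session; consider trimming the URL to the path so the site index does not publish them. Finally, the only content change visible here is "Java" becoming "Java, .NET and Python"; the second paragraph is rewrapped with no wording change, and keeping pure reflow in a separate commit would make the real edit easier to review.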