github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-18 23:34:15 +01:00
Code Issues Packages Projects Releases Wiki Activity

Added .NET and Python to description on site index page.

Browse Source 
Former-commit-id: 94f09b4e66452afc111db493d4e7195170441b5d
This commit is contained in:
Dale Visser
2015-06-04 10:23:56 -04:00
parent 5e635224e2
commit c3baf36eb5
1 changed files with 12 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
src/site/markdown/index.md
View File

@@ -1,16 +1,18 @@
About About
==================== ====================
OWASP dependency-check is an open source solution the OWASP Top 10 2013 entry: [A9 - OWASP dependency-check is an open source solution the OWASP Top 10 2013 entry:
Using Components with Known Vulnerabilities](https://www.owasp.org/index.php/Top_10_2013-A9-Using_Components_with_Known_Vulnerabilities). [A9 - Using Components with Known Vulnerabilities](https://www.owasp.org/index.php/Top_10_2013-A9-Using_Components_with_Known_Vulnerabilities).
Dependency-check can currently be used to scan Java applications (and their Dependency-check can currently be used to scan Java, .NET and Python
dependent libraries) to identify known vulnerable components. applications (and their dependent libraries) to identify known vulnerable
components.
The problem with using known vulnerable components was covered in a paper by Jeff The problem with using known vulnerable components was covered in a paper by
Williams and Arshan Dabirsiaghi titled, "[The Unfortunate Reality of Insecure Jeff Williams and Arshan Dabirsiaghi titled, "[The Unfortunate Reality of
Libraries](http://www1.contrastsecurity.com/the-unfortunate-reality-of-insecure-libraries?&__hssc=92971330.1.1412763139545&__hstc=92971330.5d71a97ce2c038f53e4109bfd029b71e.1412763139545.1412763139545.1412763139545.1&hsCtaTracking=7bbb964b-eac1-454d-9d5b-cc1089659590%7C816e01cf-4d75-449a-8691-bd0c6f9946a5)" (registration required). Insecure Libraries](http://www1.contrastsecurity.com/the-unfortunate-reality-of-insecure-libraries?&__hssc=92971330.1.1412763139545&__hstc=92971330.5d71a97ce2c038f53e4109bfd029b71e.1412763139545.1412763139545.1412763139545.1&hsCtaTracking=7bbb964b-eac1-454d-9d5b-cc1089659590%7C816e01cf-4d75-449a-8691-bd0c6f9946a5)"
The gist of the paper is that we as a development community include third party (registration required). The gist of the paper is that we as a development
libraries in our applications that contain well known published vulnerabilities community include third party libraries in our applications that contain well
\(such as those at the [National Vulnerability Database](http://web.nvd.nist.gov/view/vuln/search)\). known published vulnerabilities \(such as those at the
[National Vulnerability Database](http://web.nvd.nist.gov/view/vuln/search)\).
More information about dependency-check can be found here: More information about dependency-check can be found here: