From ee9ea74a8798fc910aaf65a69673b03729227327 Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Wed, 8 Oct 2014 06:30:53 -0400 Subject: [PATCH] fixed link --- index.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.html b/index.html index 54afccc7c..3c84fbdd6 100644 --- a/index.html +++ b/index.html @@ -307,7 +307,7 @@

About

Dependency-check is an open source solution the OWASP Top 10 2013 entry: A9 - Using Components with Known Vulnerabilities. Dependency-check can currently be used to scan Java applications (and their dependent libraries) to identify known vulnerable components.

-

The problem with using known vulnerable components was covered in a paper by Jeff Williams and Arshan Dabirsiaghi titled, “The Unfortunate Reality of Insecure Libraries”. The gist of the paper is that we as a development community include third party libraries in our applications that contain well known published vulnerabilities (such as those at the National Vulnerability Database).

+

The problem with using known vulnerable components was covered in a paper by Jeff Williams and Arshan Dabirsiaghi titled, "The Unfortunate Reality of Insecure Libraries" (registration required). The gist of the paper is that we as a development community include third party libraries in our applications that contain well known published vulnerabilities (such as those at the National Vulnerability Database).

More information about dependency-check can be found here: