Securing your Dependencies with Nina Juliadotter
What does it take to make an application resilient to exploits? Caring about more than just the code you wrote! While at NDC in Sydney, Carl and Richard talked to Nina Juliadotter about securing all the code in your application, including the open source libraries it depends on. Nina talks about building tests into your CI/CD pipeline that evaluate every library in your project, so you know exactly what is in your application and which versions you are running. Do you keep all your libraries up to date? They're the most likely versions to be secure!
Guests:
Nina Juliadotter
Nina Juliadotter was a software developer who became tired of reading about data breaches caused by insecure source code and decided to do something about it. Currently a Principal Application Security Consultant, she helps software developers write secure applications that keep data safe.
Links:
- Snyk https://snyk.io/
- Black Duck https://www.blackducksoftware.com/
- Whitesource https://www.whitesourcesoftware.com/
- OWASP Top 10 https://www.owasp.org/index.php/Top_10-2017_Top_10
- Target Breach https://www.zdnet.com/article/anatomy-of-the-target-data-breach-missed-opportunities-and-lessons-learned/
- Equifax Breach https://arstechnica.com/information-technology/2017/09/massive-equifax-breach-caused-by-failure-to-patch-two-month-old-bug/