December Event - G0rking | Software Composition Analysis 101

Dec 8, 2021 · Toronto, Canada

LIGHTNING TALK
------------------------

G0rking – Google dorking made easy

Summary:

The presentation will cover briefly what google dorking is, then I will proceed with what is an OWASP project, how one can contribute, how to find various OWASP project, and one or two examples of G0rking usage

Presenter:

Ignatius Asikin

Ignatius is a Senior consultant who specializes in offensive security. Aside from offensive security practices, Ignatius has also led numerous cyber maturity assessment engagements, architecture review, and is currently an instructor at Seneca College.

TALK
-------

Software Composition Analysis 101: Knowing what’s inside your apps

Summary:

The term Software Composition Analysis (SCA) is relatively new to the security world. However, similar approaches have been used since the early 2000s to indicate security verifications on open source components. SCA has become an evolution of that. It is the process of identifying and listing all the components and versions present in the code and checking each specific service and looking for outdated or vulnerable libraries that may impose security risks to the application. These tools can also check for legal issues regarding the use of open-source software with different licensing terms and conditions. Nevertheless, how those SCA tools work, and how can they help identify and remediate issues on open source libraries used in a codebase? This talk aims to focus on and explain to the audience by showing how these tools work and the main pieces of information that these tools rely on, such as the application manifest, vulnerability data sources, and dependency metadata.

Audience Takeaways
SCA tools and techniques are here to stay, and their usage is increasing in many organizations where security is a priority. Unfortunately, AppSec teams cannot keep up with all the new vulnerabilities published daily. Make sure to look for solutions that can adequately adapt to your own way of building software. They need to cover the programming languages used in your organization and identify issues on indirect dependencies, not just relying on public CVEs to find those issues.

Presenter:

Magno Logan works as an Information Security Specialist for Trend Micro. He specializes in Cloud, Container and Application Security Research, Threat Modelling and Red Teaming. He has been tapped as a resource speaker for numerous security conferences around the globe. He is also a member of the CNCF SIG-Security team

Event organizers

Are you organizing December Event - G0rking | Software Composition Analysis 101?

Claim the event and start manage its content.

I am the organizer
Social
Topics
Rating

based on 0 reviews

Featured Events