Using Known Vulnerable Components

Suppose your application depends on an open source component in which a flaw has just been discovered and disclosed publicly. Attackers read the same advisories you do, and they automate the follow-up: search engines and internet-wide scanners make it cheap to enumerate every site running the affected version, and exploit scripts are often circulating within days of disclosure. Because organisations typically take weeks or months to patch, that gap is exactly when attackers exploit the flaw to steal sensitive data or take over the server. This is why an application built from otherwise well-written code can still be compromised through a library, framework or server module it merely includes.

Prevention Measures

  • Keep an inventory of every third party component you ship (libraries, frameworks, server modules) together with its exact version, including transitive dependencies pulled in by your package manager. You cannot know whether an advisory affects you if you do not know what you are running.
  • Before adopting a third party library, review how it is maintained: who the developers are, how quickly past vulnerabilities were fixed, and whether the code has had a security review. Repeat that review before promoting a new version to production.
  • Stay up to date with vulnerability reports via mailing lists, RSS feeds and your ecosystem's advisory database, and check each report against your inventory so you can judge its actual impact on your application. Dependency auditing tools (for example OWASP Dependency-Check, npm audit or pip-audit) automate this comparison and can run in your build pipeline.
  • Apply security updates to affected components promptly, or remove components you no longer need; unused dependencies still expose you.
  • Do not disclose the version numbers of software components anywhere in your application (HTTP headers, error pages, HTML comments, JavaScript bundles). Treat this only as a speed bump: it slows down mass scanning but does nothing to fix the flaw, so it never replaces patching.
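The following is an added example, not code from the original page: a minimal version of the inventory check described above. It parses a pinned requirements.txt style manifest, normalises package names, and compares each pinned version against a list of advisories giving the first affected and first fixed version. The package names, advisory identifiers and the manifest are constructed for illustration and do not refer to real software or real vulnerabilities; a real check would pull the advisory list from a live feed such as the ecosystem's advisory database. It also reports dependencies that are not pinned to an exact version, because an unpinned dependency cannot be audited at all.

```python
"""Match a pinned dependency manifest against known-vulnerable version ranges."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Advisory:
    package: str          # normalised package name
    advisory_id: str      # constructed identifier for illustration, not a real CVE
    introduced: str       # first affected version (inclusive)
    fixed: Optional[str]  # first fixed version (exclusive); None means no fix yet


# Constructed advisory data; in practice this comes from a vulnerability feed.
ADVISORIES = [
    Advisory("examplelib", "EXAMPLE-2023-0001", "1.0.0", "1.4.2"),
    Advisory("examplelib", "EXAMPLE-2024-0007", "2.0.0", None),
    Advisory("otherlib", "EXAMPLE-2022-0042", "0.9.0", "3.1.0"),
]

# Constructed manifest in requirements.txt form (comments and environment markers included).
MANIFEST = """\
# production dependencies (constructed sample)
examplelib==1.3.9
otherlib==3.1.0
safelib==0.1.0
examplelib==2.1.0 ; python_version >= "3.8"
loosely>=1.0
"""

_PIN_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([0-9][0-9A-Za-z.]*)$")
_NAME_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)")


def normalize_name(name: str) -> str:
    """PEP 503 style normalisation so 'Example_Lib' and 'example-lib' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_version(text: str) -> Tuple[int, ...]:
    """Keep the leading numeric dot-separated components; a suffix like 'rc1' ends parsing."""
    parts = []
    for piece in text.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
        if m.end() != len(piece):
            break
    return tuple(parts)


def compare_versions(a: Tuple[int, ...], b: Tuple[int, ...]) -> int:
    """Return -1, 0 or 1; pads with zeros so 1.4 == 1.4.0."""
    width = max(len(a), len(b))
    a = a + (0,) * (width - len(a))
    b = b + (0,) * (width - len(b))
    return (a > b) - (a < b)


def parse_manifest(text: str) -> Tuple[List[Tuple[str, str]], List[str]]:
    """Split a manifest into exactly pinned (name, version) pairs and unpinned names."""
    pinned, unpinned = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()  # drop comments and markers
        if not line:
            continue
        m = _PIN_RE.match(line)
        if m:
            pinned.append((normalize_name(m.group(1)), m.group(2)))
        else:
            nm = _NAME_RE.match(line)
            unpinned.append(normalize_name(nm.group(1)) if nm else line)
    return pinned, unpinned


def is_affected(version: str, adv: Advisory) -> bool:
    """True when introduced <= version < fixed (or no fix exists yet)."""
    v = parse_version(version)
    if compare_versions(v, parse_version(adv.introduced)) < 0:
        return False
    if adv.fixed is not None and compare_versions(v, parse_version(adv.fixed)) >= 0:
        return False
    return True


def audit(manifest_text: str, advisories: List[Advisory]):
    """Return ([(name, version, advisory_id), ...], [unpinned names])."""
    pinned, unpinned = parse_manifest(manifest_text)
    findings = [
        (name, version, adv.advisory_id)
        for name, version in pinned
        for adv in advisories
        if adv.package == name and is_affected(version, adv)
    ]
    return findings, unpinned


if __name__ == "__main__":
    found, loose = audit(MANIFEST, ADVISORIES)
    for name, version, adv_id in found:
        print(f"VULNERABLE {name}=={version} ({adv_id})")
    for name in loose:
        print(f"UNPINNED   {name}: cannot be audited, pin an exact version")
```

On the constructed manifest this flags examplelib 1.3.9 (inside the range fixed in 1.4.2) and examplelib 2.1.0 (unfixed advisory), while otherlib 3.1.0 passes because it is exactly the first fixed version. Real tools follow the same shape but add transitive dependency resolution and a maintained advisory feed; the point of the example is that the check is only as good as the inventory it runs against.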
