Finding insecure third-party librarys in dependencies, containers, APIs (OWASP Top10 - A9)
The OWASP Top Ten project lists the top 10 (web) application security risks. In this Workshop we will take a close look at number 9: "Using Components With Known Vulnerabilities".
we will try to use (open source) tooling to find known vulnerabilities in 3rd party libraries, containers and APIs, then take a look at how we can automate those tools in our ci/cd pipelines
you don't need to know about security or vulnerability management to do the workshop, we will cover the basics and you can a lot on the way