SecAppDev 2023 lecture details
Third-party library security management
Managing third-party library dependencies is one of the most difficult challenges in software development and requires significant process and technical discipline. This session offers actionable advice on getting this challenge under control.
Wednesday June 14th, 14:00 - 15:30
Room West Wing
Abstract
Managing third-party library dependencies is one of the most difficult challenges in software development. The OWASP Top Ten 2021 states that you are vulnerable if (1) you do not scan for vulnerabilities regularly, (2) you do not fix or upgrade dependencies in a risk-based, timely fashion, and (3) software developers do not test the compatibility of updated, upgraded, or patched libraries.
In this session, we present a series of engineering suggestions to conquer these challenges. You will walk away with an actionable set of guidelines to help you manage the security of your third-party libraries.
Key takeaway
To handle third-party dependencies securely, you need to reduce the number of libraries you use, vet the ones you do use, and keep them up to date.
Content level
Deep-dive
Target audience
All software developers
Prerequisites
Experience with building and maintaining software
Related lectures
Fantastic software supply-chain vulnerabilities
Introductory lecture by Abhay Bhargav in room Lemaire
Tuesday June 13th, 09:00 - 10:30
This session dives into software supply-chain vulnerabilities, defense strategies, and risk mitigation. Attendees will gain insights and tools to build resilient supply chains and protect organizations from evolving threats.
Key takeaway: A comprehensive understanding of the current state of software supply-chain vulnerabilities and of the defensive strategies against them
Building a secure Software Development Lifecycle
Introductory lecture by Avi Douglen in room West Wing
Monday June 12th, 11:00 - 12:30
How does an SDLC become a secure SDLC? In this session, we use real-world stories to identify and overcome challenges to integrate security into a development lifecycle. You will learn how to build and implement a high-value AppSec program.
Key takeaway: Learn how to initiate a software security program, manage the program on an ongoing basis, keep it sustainable, and build stakeholder engagement and buy-in
OpenAPI: the common language of APIs
Deep-dive lecture by Isabelle Mauny in room Lemaire
Monday June 12th, 14:00 - 15:30
Understand how API contracts can be written with the OpenAPI standard and leveraged across the API lifecycle, including for security.
Key takeaway: Learning about the power and extensibility of OpenAPI and its application across the API lifecycle.