https://maarten.mulders.it/categories/cve/Recent content in CVE on Maarten on ITHugoen-us&copy; 2013 - 2026 Maarten MuldersMon, 27 Sep 2021 21:26:41 +0200https://maarten.mulders.it/2016/08/automatic-scan-for-known-vulnerabilities-in-dependencies/Tue, 30 Aug 2016 15:30:40 +0200https://maarten.mulders.it/2016/08/automatic-scan-for-known-vulnerabilities-in-dependencies/<p>When using third-party components (be it open source or not), we all know it&rsquo;s a good practice to keep your frameworks and libraries up to date. This is also one of the spearhead in the <a href="https://www.owasp.org/index.php/Top_10_2013-Top_10">OWASP Top 10 (2013 edition)</a>: <a href="https://www.owasp.org/index.php/Top_10_2013-A9-Using_Components_with_Known_Vulnerabilities">A9 - Using Components with Known Vulnerabilities</a>. To help you assess your projects status with regard to this, OWASP.org developed the tool <a href="https://www.owasp.org/index.php/OWASP_Dependency_Check">Dependency Check</a>. This tool is primarily intended code bases in Java, .NET, Ruby, Node.js, and Python. Integration with various build tools is also provided for.</p>