OWASP Top 10 Vulnerabilities: #9 Using Components with Known Vulnerabilities

This 6-minute video by IBM’s ethical hacking team outlines how some reusable open-source software (also known as 3rd-party components) contains vulnerabilities. Twenty-year-old code may have vulnerabilities that no one is updating or addressing. In 2014, Heartbleed and Shellshock left users of this 3rd-party open-source code at risk, without a direct way to produce a patch or mitigate the risk short of removing the software from their environments. The video outlines these considerations by showing how the components were exploited in those two examples.
