Dependencies With Known Vulnerabilities
Discover how to recognize and manage security risks from external libraries in your web applications. This lesson teaches you to detect vulnerabilities in dependencies using npm audit and external services like GitHub and snyk.io, ensuring your applications stay secure by staying up-to-date.
Chances are that the application you’re working on right now depends on a plethora of open-source libraries: ExpressJS, a popular web framework for NodeJS, depends on 30 external libraries, and those libraries depend on external libraries, and those…we could go on forever. As a simple exercise, I tried to install a brand-new version of ExpressJS in my system, with interesting results:
$ npm install express
+ express@4.17.1
added 50 packages from 37 contributors and audited 127 packages in 9.072s
found 0 vulnerabilities
Just by installing the latest version of ExpressJS, I’ve included 50 libraries in my codebase. Is that inherently bad? Not at all, but it does add security risk: every line of code we write or pull in widens the attack surface available to an attacker, and code we did not write is code we have not reviewed.
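Install output only tells you what npm knew at that moment; a dependency that was clean today can carry a known vulnerability next week. As an added example that is not part of this lesson, the script below summarises a report in the `npm audit --json` format (the `auditReportVersion: 2` layout used by npm 7 and later) and decides whether a CI step should fail. The report, the package names and the advisory URL in it are constructed for the example and do not describe any real package.

```javascript
// Added example: summarise an `npm audit --json` report and gate a build on it.
// Severity names in ascending order, as npm reports them.
const SEVERITIES = ["info", "low", "moderate", "high", "critical"];

// Constructed sample report (hypothetical packages, placeholder advisory URL).
// "isDirect: false" marks a package we never listed in package.json ourselves;
// it arrived through something else we depend on.
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    "pkg-transitive": {
      name: "pkg-transitive", severity: "high", isDirect: false, fixAvailable: true,
      via: [{ title: "Example issue", url: "https://example.invalid/advisory/PLACEHOLDER", severity: "high" }],
      effects: ["pkg-direct"], range: "<1.0.1", nodes: ["node_modules/pkg-transitive"],
    },
    "pkg-direct": {
      name: "pkg-direct", severity: "moderate", isDirect: true, fixAvailable: false,
      via: [{ title: "Example issue 2", url: "https://example.invalid/advisory/PLACEHOLDER2", severity: "moderate" }],
      effects: [], range: "<2.0.0", nodes: ["node_modules/pkg-direct"],
    },
  },
};

// Count findings per severity and record which ones are transitive (not our own
// direct dependency) and which have no fix available yet (manual follow-up).
function summarizeAudit(report) {
  const counts = Object.fromEntries(SEVERITIES.map((s) => [s, 0]));
  const transitive = [];
  const unfixable = [];
  for (const v of Object.values(report.vulnerabilities || {})) {
    if (!(v.severity in counts)) continue; // unknown severity string: skip rather than crash
    counts[v.severity] += 1;
    if (!v.isDirect) transitive.push(v.name);
    if (!v.fixAvailable) unfixable.push(v.name);
  }
  return { counts, transitive, unfixable };
}

// True when any finding is at or above the threshold; this is the check a CI
// step would run after `npm audit --json > audit.json`.
function shouldFailBuild(report, threshold = "high") {
  const min = SEVERITIES.indexOf(threshold);
  if (min < 0) throw new Error(`unknown severity threshold: ${threshold}`);
  return Object.values(report.vulnerabilities || {}).some(
    (v) => SEVERITIES.indexOf(v.severity) >= min,
  );
}

console.log(summarizeAudit(sampleReport), "fail build:", shouldFailBuild(sampleReport));
```

Note that the transitive finding is the one that fails the build here: the package never appears in your own package.json, which is exactly why audits have to cover the whole installed tree rather than your direct dependencies.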
One ...