Sprint #5: Making good library choices

Welcome to the first sprint of OneHourAppSec – we’re so thrilled to have you here with us, dedicating your time to application security. How good!

This sprint, we will lay the foundations for the work ahead of us. Our sprint goal:

  1. Understanding what software you have so we can plan to secure it
  2. Understanding the concept of security debt and making sure we can track it
  3. There is a lot to do, but we will do it in small chunks to make it more manageable.

Let’s get into it 👏

Activities

📽️ [VIDEO] Introducing Sprint 5 (2 minutes)

Welcome to sprint five, where we dig into our plan for the next two weeks and the importance of choosing our 3rd party components wisely.

📽️ [VIDEO] What is supply chain security and what does it have to do with you? (5 minutes)

In AppSec we like to invent fancy terms for things; today we will look at one of these: “supply chain security”. What does this mean, and why is it important to us as software developers?

📑 Create and try out your own library selection process (35 minutes)

Now that you understand what to look for, it’s time to create and try out a process for reviewing new libraries in your context. Use our helpful template as a guide.

📽️ [VIDEO] Interview: Life as a vulnerability researcher (8 minutes)

Meet Selim Enes Karaduman, a professional software vulnerability researcher. In this short video they explain what their role involves and the importance of keeping our 3rd party software safe.

📽️ [VIDEO] Watch-along - Reviewing a 3rd party library with a security lens (10 minutes)

Join Laura as she reviews a potential 3rd party library for her project and shares what she is looking for from a security perspective.


  1. Understanding why 3rd party components can pose a risk to our software supply chain
  2. Examining a 3rd party library from a security perspective and learning what to look for
  3. Putting a lightweight process in place for accepting new components into your stack
