We Hack Purple Podcast - We Hack Purple Streams! Securing Open Source Dependencies: It's Not Just Your Code That You Need to Secure, With Rana Khalil


12/23/22 • 53 min


The importance of open source security management made headlines in 2017 when the Equifax breach resulted in the compromise of the personal information of millions of users. The breach was attributed to the use of a known vulnerable version of the Apache Struts open source framework. Since then, we've seen a rise in the disclosure (and exploitation) of vulnerabilities in open source software, such as the famous Log4Shell vulnerability that was dubbed the "worst security flaw of the decade".
Studies conducted since then have found that open-source components make up more than half of an application codebase. The security implications of such a ratio can be significant. While organizations spend considerable time and effort ensuring that the custom code they develop is secure, usually little to no consideration is given to evaluating the security of the open-source components they use. This presentation will introduce Software Composition Analysis (SCA), the process of identifying vulnerabilities in open-source dependencies. We'll discuss the criteria you should consider when selecting an SCA solution and the importance of integrating such tools into your DevOps pipelines.
Rana is an application security engineer and consultant currently working at C3SA. She has a diverse professional background with experience in software development, quality assurance and pentesting. She holds Bachelor's and Master's degrees in Mathematics and Computer Science from the University of Ottawa. She has spoken about her research and work at several local and international conferences. In her non-existent free time, you can find her posting educational videos and holding workshops through her Academy and YouTube channel. She has received several awards and honorable mentions for her research and contributions to the cybersecurity community.
Speaker Links:
YouTube Channel: https://www.youtube.com/c/RanaKhalil101
Academy: https://ranakhalil.com/
Twitter: https://twitter.com/rana__khalil
LinkedIn: https://www.linkedin.com/in/ranakhalil1/
Medium Blog: https://ranakhalil101.medium.com/


Transcript

Welcome everyone to a We Hack Purple stream. I'm Tanya Janca, your host, and Amanda's also helping me host, but today we have a special guest and her name's Rana. She's my friend, she's ridiculously awesome, and I'm so happy she said yes to being on our stream. And so you might notice I've tweeted about her a lot, so she's finally here. I'm really excited, and with this, Rana, please take it away.

Hi everyone, uh, thanks for having me Tanya. I'm very excited to be here as
