We Hack Purple Streams! Securing Open Source Dependencies: It's Not Just Your Code That You Need to Secure, With Rana Khalil
We Hack Purple Podcast12/23/22 • 53 min
The importance of open source security management made headlines in 2017 when the Equifax breach resulted in the compromise of the personal information of millions of users. The breach was attributed to the use of a known vulnerable version of the Apache Struts open source framework. Since then, we’ve seen a rise in the disclosure (and exploitation) of vulnerabilities in open source software, such as the famous Log4Shell vulnerability that was dubbed the “worst security flaw of the decade”.
Studies conducted since then have found that open-source components make up more than half of an application codebase. The security implications of such a ratio can be significant. While organizations spend considerable time and effort ensuring that the custom code they develop is secure, little to no consideration is usually given to evaluating the security of the open-source components they use. This presentation will introduce Software Composition Analysis (SCA), the process of identifying vulnerabilities in open-source dependencies. We’ll discuss the criteria you should consider when selecting an SCA solution and the importance of integrating such tools in your DevOps pipelines.
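To make the SCA process concrete, here is an added example (not code from the talk, the podcast, or any SCA product) of the core check such a tool performs: read a pinned dependency manifest, compare each version against an advisory list, and return findings that a CI job can turn into a failed build. The advisory entries, package names and the requirements text are constructed placeholders, not real vulnerability data.

```python
"""Minimal Software Composition Analysis (SCA) check, added as an illustration.

Reads a pip-style requirements file, compares each pinned dependency against a
small advisory list, and returns findings so a CI job can gate on them.
Everything below (packages, versions, advisory ids) is CONSTRUCTED sample data.
"""
import re

# Constructed advisories: a version is affected when
# introduced <= installed < fixed. The ids are placeholders, not real CVEs.
SAMPLE_ADVISORIES = [
    {"package": "examplelib", "introduced": "1.0.0", "fixed": "1.4.2",
     "id": "ADVISORY-PLACEHOLDER-1", "severity": "high"},
    {"package": "otherlib", "introduced": "0.0.0", "fixed": "2.1.0",
     "id": "ADVISORY-PLACEHOLDER-2", "severity": "medium"},
]

# Constructed manifest, as a CI job would read it from the repository.
SAMPLE_REQUIREMENTS = """\
# constructed requirements file for the example
examplelib==1.3.0
otherlib==2.1.0
safelib==3.0.1   # pinned and not in the advisory list
"""

def parse_version(v: str) -> tuple:
    """Turn '1.4.2' into (1, 4, 2) so that tuples compare numerically."""
    return tuple(int(p) for p in re.findall(r"\d+", v))

def parse_requirements(text: str) -> tuple:
    """Return ({name: pinned_version}, [unpinned lines]).

    Only exact pins (name==x.y.z) can be assessed; a floating range such as
    'lib>=1.0' resolves differently on every build, so it is reported separately.
    """
    pinned, unpinned = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        m = re.match(r"^([A-Za-z0-9_.\-]+)==([0-9][0-9.]*)$", line)
        if m:
            pinned[m.group(1).lower()] = m.group(2)
        else:
            unpinned.append(line)
    return pinned, unpinned

def find_vulnerable(pinned: dict, advisories=SAMPLE_ADVISORIES) -> list:
    """Match each advisory against the installed version of its package."""
    findings = []
    for adv in advisories:
        installed = pinned.get(adv["package"].lower())
        if installed is None:
            continue
        v = parse_version(installed)
        if parse_version(adv["introduced"]) <= v < parse_version(adv["fixed"]):
            findings.append({
                "package": adv["package"],
                "installed": installed,
                "fixed_in": adv["fixed"],
                "id": adv["id"],
                "severity": adv["severity"],
            })
    return findings

def ci_gate(text: str, advisories=SAMPLE_ADVISORIES,
            fail_on=("high", "critical")) -> int:
    """Exit code for a pipeline step: 1 if any finding meets the severity
    threshold or any dependency is unpinned (cannot be assessed), else 0."""
    pinned, unpinned = parse_requirements(text)
    findings = find_vulnerable(pinned, advisories)
    for f in findings:
        print(f"[{f['severity']}] {f['package']} {f['installed']} "
              f"affected by {f['id']}, fixed in {f['fixed_in']}")
    for line in unpinned:
        print(f"[warn] cannot assess unpinned requirement: {line}")
    blocking = [f for f in findings if f["severity"] in fail_on]
    return 1 if blocking or unpinned else 0

if __name__ == "__main__":
    raise SystemExit(ci_gate(SAMPLE_REQUIREMENTS))
```

Running the block against the constructed manifest reports examplelib 1.3.0 (inside the affected range) and exits 1, while otherlib 2.1.0 passes because it equals the fixed version. A real SCA tool does the same comparison at scale, against a maintained advisory feed and across transitive dependencies, which is why the selection criteria discussed in the talk matter more than the matching logic itself.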
Rana is an application security engineer consultant currently working at C3SA. She has a diverse professional background with experience in software development, quality assurance and pentesting. She holds Bachelor’s and Master’s degrees in Mathematics and Computer Science from the University of Ottawa. She has spoken about her research and work at several local and international conferences. In her non-existent free time, you can find her posting educational videos and holding workshops through her Academy and YouTube channel. She has received several awards and honorable mentions for her research and contributions to the cybersecurity community.
Speaker Links:
YouTube Channel: https://www.youtube.com/c/RanaKhalil101
Academy: https://ranakhalil.com/
Twitter: https://twitter.com/rana__khalil
LinkedIn: https://www.linkedin.com/in/ranakhalil1/
Medium Blog: https://ranakhalil101.medium.com/
Transcript
Welcome everyone to a We Hack Purple stream. I'm Tanya Janca, your host, and Amanda's also helping me host. But today we have a special guest, and her name's Rana. She's my friend, she's ridiculously awesome, and I'm so happy she said yes to being on our stream. So you might notice I've tweeted about her a lot. So she's finally here. I'm really excited, and with this, Rana, please take it away.

Hi everyone, thanks for having me, Tanya. I'm very excited to be here as