Using a sample web application, we will walk through a successful web application attack and highlight the importance of proactively finding and fixing open source vulnerabilities. The sample application has passed various vulnerability checks, including select software composition analysis (SCA) tools. Most SCA tools can discover vulnerabilities in direct dependencies, but what about transitive dependencies, the packages your dependencies themselves pull in? Paul Asadoorian and Matt Alderman will discuss this question and the challenges of scanning third-party components and libraries in your applications.
Simon Maple, VP of Developer Relations and Community at Snyk, will provide a live demo of how to fix these vulnerabilities at scale before deploying the application to production. The transitive vulnerability can only be discovered using an application graph that shows all dependencies in third-party components and libraries. Simon will demonstrate the benefits of the commercial product, including:
- Deep visibility into applications and containers
- Ease of use by developers
- Intelligent and accurate context to easily remediate vulnerabilities
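To make the direct-versus-transitive distinction concrete, here is an added illustration (not Snyk's code or the webinar's demo) that contrasts a direct-only check with a walk over a full dependency graph. The package names, graph edges and advisory entries are constructed samples.

```python
"""Find vulnerable transitive dependencies by walking an application dependency graph.

Constructed example: a direct-only scan sees just the top-level packages,
while a graph walk also reaches packages pulled in indirectly and records
the path that introduced each one.
"""
from collections import deque

# Constructed dependency graph: package -> packages it depends on
# (the shape a lockfile or an application graph would provide).
DEP_GRAPH = {
    "app": ["web-framework", "json-lib"],
    "web-framework": ["http-client", "template-engine"],
    "http-client": ["url-parser"],
    "template-engine": [],
    "json-lib": [],
    "url-parser": [],
}

# Constructed advisory list: package -> short description of a hypothetical issue.
ADVISORIES = {
    "url-parser": "hypothetical SSRF via malformed host",
    "json-lib": "hypothetical prototype pollution",
}

def direct_scan(root, graph, advisories):
    """What a direct-dependency-only check sees: top-level packages only."""
    return {pkg: advisories[pkg] for pkg in graph[root] if pkg in advisories}

def graph_scan(root, graph, advisories):
    """Breadth-first walk over the whole graph. For each vulnerable package it
    keeps the (shortest) path from the root, which tells the developer which
    direct dependency introduced it and whether the finding is transitive."""
    findings = {}
    seen = {root}
    queue = deque([(root, [root])])
    while queue:
        pkg, path = queue.popleft()
        for dep in graph.get(pkg, []):
            dep_path = path + [dep]
            if dep in advisories and dep not in findings:
                findings[dep] = {"path": dep_path, "issue": advisories[dep],
                                 "transitive": len(dep_path) > 2}
            if dep not in seen:
                seen.add(dep)
                queue.append((dep, dep_path))
    return findings

if __name__ == "__main__":
    print("direct only:", direct_scan("app", DEP_GRAPH, ADVISORIES))
    for name, f in graph_scan("app", DEP_GRAPH, ADVISORIES).items():
        kind = "transitive" if f["transitive"] else "direct"
        print(f"{name} ({kind}): {' -> '.join(f['path'])}: {f['issue']}")
```

The direct scan reports only `json-lib`; the graph walk additionally surfaces `url-parser`, three levels down, along with the chain through `web-framework` that a developer would need in order to upgrade or replace the right package.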