jorge dacal cacantos edited this page May 29, 2018 · 1 revision
S13 Basic Configuration

This package describes configuration controls to ensure the software is up to date, hardened and secure by default if possible.

S13-1

System does not use libraries or frameworks with known vulnerabilities.

Purpose: To understand the threat of using components with known vulnerabilities, refer to the OWASP pages on that topic. They also collect press coverage of incidents in which developers failed to update critical framework libraries.

Solution: Ensuring the system does not use libraries or frameworks with known vulnerabilities is not a one-time activity; such security checks must run regularly. OWASP Dependency Check is the most popular open source tool for this for Java libraries. Retire.js covers JavaScript.

Consider running these tools as part of your CI/CD pipeline, e.g. via their Jenkins plugins, so that a build with a vulnerable dependency fails instead of shipping.
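As an added example (not part of the original wiki page or of either tool's own code), the following script turns a Dependency Check scan into a build gate: it reads the JSON report the tool writes, collects every finding at or above a chosen severity, and returns a non-zero status so the pipeline stage fails. The report layout it assumes (a `dependencies` array whose entries carry `fileName` and a `vulnerabilities` list with `name` and `severity`) is the common shape of the tool's JSON output, but treat it as an assumption and check it against a real report; the embedded sample report, its file names and its `CVE-0000-PLACEHOLDER-*` ids are constructed for the demonstration.

```python
"""CI gate over an OWASP Dependency Check JSON report (added example).

Assumed report shape (verify against your tool version):
  {"dependencies": [{"fileName": ..., "vulnerabilities": [{"name": ..., "severity": ...}]}]}
"""
import json
import sys

# Severity labels as Dependency Check reports them, ranked for threshold comparison.
SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}


def findings_at_or_above(report: dict, threshold: str) -> list:
    """Return (file_name, vulnerability_id, severity) for every finding that
    meets or exceeds `threshold`. Unknown severities rank below LOW and never trip the gate."""
    min_rank = SEVERITY_RANK[threshold.upper()]
    hits = []
    for dep in report.get("dependencies", []):
        # A dependency without findings may omit the key or carry null.
        for vuln in dep.get("vulnerabilities") or []:
            severity = str(vuln.get("severity", "")).upper()
            if SEVERITY_RANK.get(severity, 0) >= min_rank:
                hits.append((dep.get("fileName", "?"), vuln.get("name", "?"), severity))
    return hits


def gate(report_json: str, threshold: str = "HIGH") -> int:
    """Print each blocking finding and return the process exit status:
    0 when the build may proceed, 1 when at least one finding trips the gate."""
    hits = findings_at_or_above(json.loads(report_json), threshold)
    for file_name, vuln_id, severity in hits:
        print(f"{severity:<8} {vuln_id:<24} {file_name}")
    return 1 if hits else 0


# Constructed sample report; ids are placeholders, not real CVEs.
SAMPLE_REPORT = json.dumps({
    "dependencies": [
        {"fileName": "example-web-1.0.jar",
         "vulnerabilities": [
             {"name": "CVE-0000-PLACEHOLDER-1", "severity": "CRITICAL"},
             {"name": "CVE-0000-PLACEHOLDER-2", "severity": "LOW"},
         ]},
        {"fileName": "example-util-2.3.jar",
         "vulnerabilities": [
             {"name": "CVE-0000-PLACEHOLDER-3", "severity": "medium"},
         ]},
        {"fileName": "example-clean-0.9.jar"},
    ]
})


if __name__ == "__main__":
    # Usage: python gate.py [report.json] [THRESHOLD]; defaults to the sample and HIGH.
    source = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    level = sys.argv[2] if len(sys.argv) > 2 else "HIGH"
    sys.exit(gate(source, level))
```

Wire the script in after the scan step (Dependency Check and Retire.js can also fail the build on their own, Dependency Check through a CVSS threshold option and Retire.js through a non-zero exit on findings) and keep the threshold in the pipeline definition rather than in the script, so tightening it is a reviewed change like any other.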
