A9 - Using Components with Known Vulnerabilities
GTS 33 | PA 05/2019
Agenda - A9 - Using Components with Known Vulnerabilities
1. What is it about?
2. Wordpress
3. Google Hacking
4. Safety
5. RetireJS
6. huskyCI
7. How to protect yourself?
8. Cimentech
What is it about?
Applications that use components with known vulnerabilities can undermine their own defenses and enable a range of possible attacks and impacts. Attackers can exploit a single, already known security flaw, which can cause serious data loss or server compromise.
Wordpress
Google Hacking
Safety
RetireJS
huskyCI
How to prevent it?
1. Identify all components and the versions in use, including all dependencies (e.g., plugin versions). 📚
2. Monitor components that are no longer maintained or that no longer receive security updates. 🔓
3. Keep components always updated to the latest stable version. 👶
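The three steps above as a minimal dependency audit, an added example that is not from the slides or from Safety, RetireJS or huskyCI: it inventories a requirements-style manifest, then checks each pinned version against an advisory feed and an end-of-life list. The manifest, package names, advisory IDs and end-of-life list are all constructed for illustration.

```python
import re

# Constructed sample manifest (requirements.txt style); package names are made up.
MANIFEST = """\
# web app dependencies
examplelib==1.2.0
samplecms-plugin==4.7.1
safeutil==2.10.3
loosepkg>=0.9
"""
# Constructed advisory feed (package -> [(first fixed version, placeholder id)])
# and constructed list of components that no longer receive maintenance.
ADVISORIES = {
    "examplelib": [("1.2.5", "ADVISORY-0001")],
    "samplecms-plugin": [("4.7.1", "ADVISORY-0002"), ("4.8.0", "ADVISORY-0003")],
    "safeutil": [("2.9.0", "ADVISORY-0004")],
}
UNMAINTAINED = {"safeutil"}

def parse_version(text):
    """Turn '2.10.3' into (2, 10, 3) so 2.10 sorts after 2.9, unlike strings."""
    return tuple(int(part) for part in text.split("."))

def inventory(manifest):
    """Step 1: list (name, operator, version) for every declared component."""
    items = []
    for raw in manifest.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.fullmatch(r"([A-Za-z0-9_.-]+)\s*(==|>=)\s*(\d+(?:\.\d+)*)", line)
        if line:
            items.append((m.group(1).lower(), m.group(2), m.group(3)) if m else (line, None, None))
    return items

def audit(manifest):
    """Steps 2 and 3: flag unmaintained, unpinned and outdated vulnerable components."""
    findings = []
    for name, op, version in inventory(manifest):
        if op != "==":
            findings.append((name, "version not pinned, cannot be checked"))
            continue
        for fixed_in, advisory in ADVISORIES.get(name, []):
            if parse_version(version) < parse_version(fixed_in):
                findings.append((name, f"{advisory}: upgrade {version} -> {fixed_in}"))
        if name in UNMAINTAINED:
            findings.append((name, "no longer maintained"))
    return findings

if __name__ == "__main__":
    for package, reason in audit(MANIFEST):
        print(f"{package}: {reason}")
```

An unpinned entry is reported rather than skipped, because a version range cannot be matched against an advisory with any certainty.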
8 - Hands on!
Attack narrative
Hands on!
1. Enter the app folder
$ cd owasp-top10-2017-apps/a9/cimentech
2. Start the container
$ make install
3. Access the page
localhost:80