14 Secure dependencies

This chapter covers

  • Exploring how blindly trusting dependencies can lead to dangerous attacks
  • Detecting vulnerable npm packages used in a project
  • Discovering whether NuGet packages in a project are vulnerable
  • Automating testing for vulnerable packages

The JavaScript package ua-parser-js (www.npmjs.com/package/ua-parser-js), available via npm, enjoys quite a bit of popularity. The library provides functionality to detect the browser type the client is using, including information about the operating system; device features such as type, model, and CPU; and much more. The package is pretty useful, especially considering how confusing the user agents in modern browsers can be. Here’s one from Microsoft Edge 98 on an iPad: ...

Get ASP.NET Core Security now with the O’Reilly learning platform.
