A9 – Using components with known vulnerabilities

The problem here is external, somehow. There are libraries with vulnerabilities that can be identified and exploited using automated tools. In this way, the threat agent can be expanded beyond well-known forms of attacks, to include an unknown factor of risk.

The official definition defines A9, stating that:

"Components, such as libraries, frameworks, and other software modules, almost always run with full privileges. If a vulnerable component is exploited, such an attack can facilitate serious data loss or server takeover. Applications using components with known vulnerabilities may undermine application defenses and enable a range of possible attacks and impacts."

At first, it seems easy to find ...

Get Mastering C# and .NET Framework now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Mastering C# and .NET Framework by Marino Posadas

A9 – Using components with known vulnerabilities

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly