OWASP Top Ten Proactive Controls 2018 | C2: Leverage Security Frameworks and Libraries
Learn how secure coding libraries and frameworks can protect against security flaws. Best practices, tools, and prevention methods highlighted.
Overview
This article discusses the importance of leveraging security frameworks and libraries to guard against security-related design and implementation flaws in software development.
Description
Secure coding libraries and software frameworks with embedded security play a crucial role in protecting against security vulnerabilities. By using trusted and actively maintained libraries, developers can efficiently implement security features and reduce the risk of flaws in their applications. This article also provides best practices for incorporating third-party libraries and frameworks and highlights tools such as OWASP Dependency Check and Retire.JS for vulnerability identification.
How to Prevent ?
To prevent security flaws, it is recommended to:
Example Attack Scenarios:
Outdated Libraries with Known Vulnerabilities: Using outdated libraries or frameworks with known vulnerabilities exposes software applications to potential attacks. Regularly updating libraries and components helps to address these security risks.
Untrusted or Unsupported Libraries: Using libraries or frameworks from untrusted or unsupported sources increases the likelihood of introducing security vulnerabilities. It is crucial to only use trusted and actively maintained libraries.