websecurity@lists.webappsec.org

The Web Security Mailing List


Application dependencies security

Łukasz Demczuk
Wed, May 15, 2013 3:16 PM

Hi,

I have a question. In my firm we try to stay secure with our in-house
application.

We create a list of all application dependencies with versions. Here is my
problem: how to check if they are secure?

How do you do that in your jobs?

Thanks for the information

Best Wishes
Lukasz Demczuk

aditya
Wed, May 15, 2013 4:03 PM

Hello Lukasz,

Could you describe your application a bit in detail so that we might be
able to answer you specifically with respect to your need.

On Wed, May 15, 2013 at 8:46 PM, Łukasz Demczuk <mamut1609@gmail.com> wrote:

> Hi,
>
> I have a question. In my firm we try to stay secure with our in-house
> application.
>
> We create a list of all application dependencies with versions. Here is my
> problem: how to check if they are secure?
>
> How do you do that in your jobs?
>
> Thanks for the information
>
> Best Wishes
> Lukasz Demczuk
>
> _______________________________________________
> The Web Security Mailing List
>
> WebSecurity RSS Feed
> http://www.webappsec.org/rss/websecurity.rss
>
> Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
>
> WASC on Twitter
> http://twitter.com/wascupdates
>
> websecurity@lists.webappsec.org
> http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org

--
Regards
Aditya Balapure

Stephen de Vries
Wed, May 15, 2013 4:18 PM

If you're building in Java then you could use the Victims database: http://securityblog.redhat.com/2013/01/02/detecting-vulnerable-java-dependencies-at-build-time/
Comes with a maven plugin too.

regards,
Stephen

On 15 May 2013, at 17:16, Łukasz Demczuk wrote:

> Hi,
>
> I have a question. In my firm we try to stay secure with our in-house application.
>
> We create a list of all application dependencies with versions. Here is my problem: how to check if they are secure?
>
> How do you do that in your jobs?
>
> Thanks for the information
>
> Best Wishes
> Lukasz Demczuk


Łukasz Demczuk
Wed, May 15, 2013 4:52 PM

Thx Stephen, this is one of the programming languages I needed. The second is C++, any
suggestions for that?

Stephen, you make my day :)

Best wishes
Demczuk Lukasz

On 15 May 2013 at 18:18, "Stephen de Vries" <stephendv@gmail.com> wrote:

> If you're building in Java then you could use the Victims database:
> http://securityblog.redhat.com/2013/01/02/detecting-vulnerable-java-dependencies-at-build-time/
> Comes with a maven plugin too.
>
> regards,
> Stephen
>
> On 15 May 2013, at 17:16, Łukasz Demczuk wrote:
>
> > Hi,
> >
> > I have a question. In my firm we try to stay secure with our in-house
> > application.
> >
> > We create a list of all application dependencies with versions. Here is my
> > problem: how to check if they are secure?
> >
> > How do you do that in your jobs?
> >
> > Thanks for the information
> >
> > Best Wishes
> > Lukasz Demczuk


ken Johnson
Wed, May 15, 2013 5:09 PM

Java - https://github.com/jeremylong/DependencyCheck

Ruby on Rails - https://github.com/postmodern/bundler-audit

HTH

cktricky

On Wed, May 15, 2013 at 12:18 PM, Stephen de Vries <stephendv@gmail.com> wrote:

> If you're building in Java then you could use the Victims database:
> http://securityblog.redhat.com/2013/01/02/detecting-vulnerable-java-dependencies-at-build-time/
> Comes with a maven plugin too.
>
> regards,
> Stephen
>
> On 15 May 2013, at 17:16, Łukasz Demczuk wrote:
>
> > Hi,
> >
> > I have a question. In my firm we try to stay secure with our in-house
> > application.
> >
> > We create a list of all application dependencies with versions. Here is my
> > problem: how to check if they are secure?
> >
> > How do you do that in your jobs?
> >
> > Thanks for the information
> >
> > Best Wishes
> > Lukasz Demczuk


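One way to compare a locked dependency list against advisory version ranges, using a Gemfile.lock as the inventory for the Ruby case mentioned in the last reply. This is an added example, not part of the thread and not bundler-audit's own code; the lockfile excerpt, the gem names, the advisory ids and the `patched`/`unaffected` field names are constructed for illustration.

```ruby
require "rubygems"

# Constructed Gemfile.lock excerpt (sample input, not from the thread).
LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      examplegem (1.4.2)
        otherdep (~> 2.0)
      otherdep (2.0.5)
      safegem (3.1.0)

  PLATFORMS
    ruby
LOCK

# Constructed advisories; ids are placeholders, field names are hypothetical.
ADVISORIES = [
  { gem: "examplegem", id: "EXAMPLE-0001",
    patched: ["~> 1.4.3", ">= 1.5.0"], unaffected: ["< 1.2.0"] },
  { gem: "otherdep", id: "EXAMPLE-0002",
    patched: [">= 2.0.5"], unaffected: [] }
].freeze

# Resolved gems are indented exactly four spaces under "specs:";
# six-space lines are dependency constraints, not installed versions.
def locked_versions(lockfile)
  lockfile.each_line.with_object({}) do |line, found|
    m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/)
    # Drop a platform suffix such as "-x86-mingw32" before parsing.
    found[m[1]] = Gem::Version.new(m[2].split("-").first) if m
  end
end

# True when the version satisfies at least one requirement string.
def satisfied?(requirements, version)
  requirements.any? do |r|
    Gem::Requirement.new(*r.split(",").map(&:strip)).satisfied_by?(version)
  end
end

# A gem is reported when it is neither patched nor in an unaffected range.
def audit(lockfile, advisories)
  versions = locked_versions(lockfile)
  advisories.select do |adv|
    v = versions[adv[:gem]]
    v && !satisfied?(adv[:patched], v) && !satisfied?(adv[:unaffected], v)
  end.map { |adv| "#{adv[:gem]} #{versions[adv[:gem]]} (#{adv[:id]})" }
end

puts audit(LOCKFILE, ADVISORIES)
```

The same comparison applies to any language's inventory once each dependency is reduced to a name and a parsed version; only the lockfile parser and the version-ordering rules change.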