Open Source vulnerability management for software development and cloud environments
Security vulnerabilities can quickly arise in the software development process, such as SQL or XSS injections, configuration errors in the Infrastructure as Code or security vulnerabilities in integrated libraries. You don't have to use commercial tools to detect and manage vulnerabilities. The Open Source ecosystem provides a lot of powerful tools that can be used very efficiently.
The talk introduces a straightforward process for detecting and mitigating vulnerabilities and includes a demonstration of how Open Source tools can support that process.
Nowadays, almost all companies develop software which is available on the internet, be it mobile apps, web apps or APIs to connect customers and partners. Security vulnerabilities can quickly arise in the software development process, such as SQL or XSS injections, configuration errors in the Infrastructure as Code or security vulnerabilities in integrated libraries. This makes vulnerability management an important factor in preventing the software from becoming a gateway for attackers. In addition to commercial products, there is also a steadily growing open source ecosystem available for this purpose. The talk will discuss:
- What are the most important steps in vulnerability management in software development?
- What are the advantages but also the limitations of open source tools for vulnerability management compared to commercial products?
- How easy is it to integrate open source vulnerability scanners into the development process?
- Why is the use of an Open Source vulnerability management system such as SecObserve important?
- How can the results be used to improve other processes?
In addition to the slides, the talk will also show a practical example of how vulnerability scanners can be integrated into a CI/CD pipeline and how the results can be assessed in the Open Source vulnerability management system SecObserve.