In person

OWASP Lisboa - May 2024 Chapter Meetup

Join us for the 7th OWASP Lisboa meetup!

Location: R. Castilho 77 · Lisboa

Harnessing Reachability Analysis to Discern Real Threats in Software Dependencies

In this talk, we will dive into the shortcomings of traditional dependency analysis methods, which usually focus on looking at build manifests and metadata, to spot security or performance vulnerabilities in Java projects. While tools like Maven Dependency Checker and Gradle's dependency-analysis plugin are invaluable for their ability to manage dependencies, they often fall short when we need quick and precise answers, forcing developers to lean on time-consuming tests and manual code reviews. We believe that a thorough look at how dependencies are actually used in the code—with the help of static and reachability analyses—can be a more effective way to pinpoint real threats in Java dependencies.

We'll use real-world examples to show how static analysis, and in particular reachability analysis, offers deeper insights into potential vulnerabilities by moving beyond simple metadata. By sharing examples where static analysis has been a game-changer, and pointing out where it might not be enough, we aim to shed light on the challenges and opportunities this method brings to improving security and performance in software projects.

Our goal is to provide attendees with practical strategies for using static and reachability analyses, promoting a more detailed method for managing dependencies and finding vulnerabilities in software applications.

Date
May 28, 2024
Time
6:00 PM - 8:00 PM WEST
Location
Europe

Sign up now

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Event Overview

Schedule

No items found.

Heading

No items found.

Want to stay in the loop?

Sign up for our newsletter.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.