Overview
Syllabus
Intro
Survey
Why Vulnerability Scanning
Penetration Testing vs Vulnerability Scanning
What is Vulnerability Scanning
Basic Package Discovery
Problem with Basic Package Discovery
Components which dont have metadata
Debian Vulnerability Database
Google Vulnerability Database
Summary
The problem is deep
Whats happening inside Docker
The problem with container results
The problem with libcurl
The problem with Busybox
Automating the decision process
Small research
Scripting magic
Vulnerability list
Automation
What it means
Vex
What is VX
VX in action
From VX perspective
Questions
Taught by
Devoxx