Explore runtime software component detection techniques in this insightful conference talk. Learn about the challenges of identifying vulnerable software components in operating environments, particularly those embedded in complex dependency chains. Discover how to leverage eBPF technology to detect specific software versions, such as Log4j and Spring Core, without initial application configurations. Gain knowledge on extracting crucial information from the Linux kernel during Java application execution and processing collected data to determine Java Archive details. Examine the implementation of a runtime Java component detector and its application in verifying vulnerable component usage within public container images. Understand the importance of SBOM (Software Bill of Materials) in light of recent security incidents and explore innovative approaches to enhance software security in runtime environments.
Zero-Configuration Runtime Software Component Detection
Overview
Syllabus
Zero-Configuration Runtime Software Component Detection - Inhyeok Jang
Taught by
Linux Foundation
Tags
Related Courses
-
Supply Chain Risk Management with OWASP Dependency-Check
-
Realities of SBOM - What Is Under the Hood of Software Bill of Materials
-
OWASP Top 10 - A08:2021 - Software and Data Integrity Failures
-
CompTIA CySA+ (CS0-002)
-
OWASP Dependency Track - Software Composition Analysis and Vulnerability Management
-
Open Source Software Supply Chain Security - Understanding Threats and Best Practices
