Using Components with Known Vulnerabilities

By
Rejah Rehim
Published on
24 Jun 2018
owasp

Components such as libraries, frameworks, and other software modules almost always run with the same privileges as the application that loads them. If a vulnerable component is exploited, the result can be serious data loss or a full host takeover.

Example

Components typically run with the same privileges as the application itself, so a flaw in any component can seriously affect the application. Such flaws can be accidental, such as a coding error, or intentional, such as a backdoor planted in the component.

Impact

The full range of weaknesses is possible, including injection, broken access control, XSS, and so on. The impact can range from minimal to a complete host takeover and data compromise.

Mitigation / Precaution

  • Remove unused dependencies, unnecessary features, components, files, and documentation.

  • Only use components from official sources. Prefer signed packages to reduce the chance of including a modified, malicious component.

  • Monitor for libraries and components that are unmaintained or no longer receive security patches for older versions. If patching is not possible, consider deploying a virtual patch to monitor, detect, or protect against the issue.
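The three precautions above (trim dependencies, verify what you install, watch for known-vulnerable versions) are easiest to enforce when a script runs over the dependency manifest on every build. The following is an added example, not code from the original article: a small audit over a pip-style requirements file that flags entries that are not pinned to an exact version, pinned entries that carry no `--hash=sha256:` digest (so pip's real `--require-hashes` mode could not verify the artifact), and pinned versions that fall inside a known-vulnerable range. The requirements text, the package names, the advisory identifiers and the digests are all constructed for illustration; none of them refers to a real package or CVE.

```python
import re
from typing import Dict, List

# Constructed advisory feed for illustration only: package names, version
# ranges and identifiers are hypothetical, not real CVEs.
ADVISORIES: List[Dict[str, str]] = [
    {"id": "EXAMPLE-2018-001", "package": "acme-auth",
     "introduced": "2.0.0", "fixed": "2.4.1",
     "summary": "authentication bypass (constructed)"},
    {"id": "EXAMPLE-2018-002", "package": "widgetkit",
     "introduced": "0", "fixed": "1.9.0",
     "summary": "XSS in template helper (constructed)"},
]

DUMMY_SHA256 = "0123456789abcdef" * 4  # placeholder 64-hex digest, not a real one

# Constructed requirements.txt in pip's hash-checking format.
REQUIREMENTS = f"""
# sample lock file (constructed)
acme-auth==2.3.0 --hash=sha256:{DUMMY_SHA256}
widgetkit==1.9.2
reportgen>=0.9
loghelper==4.0.1 --hash=sha256:{DUMMY_SHA256}
"""

NAME_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)")
PINNED_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([0-9][0-9A-Za-z.]*)(.*)$")
HASH_RE = re.compile(r"--hash=sha256:[0-9a-f]{64}")


def version_key(version: str) -> tuple:
    """Numeric tuple for ordering, so that '1.10' sorts after '1.9.5'.
    Handles dotted numeric versions only, which is enough for this example."""
    parts = [int(p) for p in re.findall(r"\d+", version)]
    return tuple(parts + [0] * (3 - len(parts)))


def is_affected(version: str, advisory: Dict[str, str]) -> bool:
    """True when introduced <= version < fixed (half-open range)."""
    v = version_key(version)
    return version_key(advisory["introduced"]) <= v < version_key(advisory["fixed"])


def audit(requirements: str, advisories: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Return one finding per problem: 'unpinned', 'no-hash' or 'known-vulnerable'."""
    findings: List[Dict[str, str]] = []
    for raw in requirements.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        pinned = PINNED_RE.match(line)
        if not pinned:
            m = NAME_RE.match(line)
            findings.append({"package": m.group(1) if m else line, "kind": "unpinned",
                             "detail": "not pinned with ==; builds are not reproducible"})
            continue
        name, version, rest = pinned.groups()
        if not HASH_RE.search(rest):
            findings.append({"package": name, "kind": "no-hash",
                             "detail": "no --hash=sha256; pip --require-hashes cannot verify it"})
        for adv in advisories:
            if adv["package"] == name.lower() and is_affected(version, adv):
                findings.append({"package": name, "kind": "known-vulnerable",
                                 "detail": f"{adv['id']}: {adv['summary']}; fixed in {adv['fixed']}"})
    return findings


if __name__ == "__main__":
    for f in audit(REQUIREMENTS, ADVISORIES):
        print(f"{f['kind']:16} {f['package']:12} {f['detail']}")
```

Run as a build step, the script fails the pipeline on any finding; in a real setup the constructed advisory list would be replaced by a feed such as OSV or NVD, and the hash check is what `pip install --require-hashes -r requirements.txt` enforces at install time.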


Written by
Rejah Rehim
Co-founder, Director