In recent years, the amount of open source components used by developers has growth. Millions of open source libraries are distributed through centralized systems such as Maven (Java), NPM and GitHub. In this talk, I will present the common security problems faced by companies that use open source.

Every time we download a module to use it in our application without knowing it, it means exposing our application to possible security problems and vulnerabilities that these modules have. We will study an example application that uses several vulnerable dependencies, which we will exploit as an attacker would. For each vulnerability, we will explain why it happened, we will show its impact and, most importantly, we will see how to avoid it or solve it. We will also talk about how to manage the risks of open source software using people, processes and tools.

These could be the main talking points:

-Security in open source repositories

-OWASP TOP 10 from an attacker perspective In this point I will comment the OWASP project that provides an environment to learn OWASP Top 10 security risks. I will comment the main risks we can find in web applications from an attacker perspective.

-Tools which will help to protect our applications scanning for known libraries with vulnerabilities in specific ecosystems like java,javascript and python.