Web applications (web apps) are rapidly growing in both importance and complexity. As e-commerce becomes more popular, the availability and security of an organization’s web presence have a dramatic impact on its profitability.
While developers commonly perform security scanning against the code that they write in-house, this is only a fraction of the code contained within a web application. Heavy use of third-party code, including open-source libraries, adds new functionality but also introduces additional vulnerabilities.
For most organizations, which have limited visibility into the external code that their applications depend on, a web application firewall (WAF) is the best choice for protecting their web applications against exploitation.
Code Reuse is Often “Best Practice”
When creating a new application, few, if any, developers write every line of code from scratch. The sheer complexity of any program requires the use of existing code to implement crucial functionality.
As a result, some level of code reuse is considered “best practice”. In fact, many of the core metrics by which an application developer is evaluated benefit from the reuse of existing code and external libraries.
In general, code reuse speeds development and can improve the correctness and efficiency of the application. Most developers are not experts in every topic, so using code written by someone who is an expert in that area speeds the development process and decreases the probability of costly errors.
Open Source Libraries Introduce New Attack Vectors
One of the main challenges in the use of external code is ensuring ..