#BHUSA BlackHatEvents

Will We Survive the Transitive Vulnerability Locusts?
Speakers: Eyal Paz, Liad Cohen

Eyal Paz, VP of Research, OX Security
- VP of Research at OX Security
- Eleven years at Check Point working on security research for product innovation in network security and threat intelligence
- Ph.D. candidate researching the problem of encrypted traffic classification

Liad Cohen, Data Scientist & Security Researcher, OX Security
- Developing innovative data-driven AppSec detection systems, from ideation to PoCs to production
- Hackathons & CTFs mentor
- M.Sc. in Computer Science with a thesis on ad-hoc network security
- Published papers and articles in security journals and DarkReading

Typical npm install stdout

The most widespread AppSec teams problem

WOLF! WOLF!

The wolves are out there

Software Composition Analysis (SCA)

Demo: The Problem is Real
https:/

https:/
Simple Exploit PoC

Research Question #1
What is the likelihood that a direct open-source vulnerability is actually exploited?

Triage
1. SCA Scan
2. Import
3. Usage
4. Risk Analysis (https://nvd.nist.gov/vuln/detail/CVE-2024-37890)
5. Remediation / Risk Acceptance
https:/

Triage, Scaled up: Methodology
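The five triage steps above, worked through for a single SCA finding, as an added example that is not code from the talk or from OX Security. It assumes a package-lock.json in the v2/v3 "packages" shape (keys of the form "node_modules/<name>"), a constructed lockfile whose package names and versions are illustrative only, constructed first-party source files, and hypothetical findings that carry nothing but a package name; no advisory data or affected-version range is asserted for any of the packages named.

```javascript
// Added example (not from the talk or OX Security): triage of one SCA finding
// over a constructed package-lock.json and constructed application sources.
// Assumes the lockfile v2/v3 shape: a "packages" map keyed by "node_modules/<name>".

// Constructed lockfile, trimmed to the fields the triage needs; versions are made up.
const LOCKFILE = {
  name: "demo-app",
  packages: {
    "": { dependencies: { "socket.io": "4.7.5", lodash: "4.17.21" } },
    "node_modules/socket.io": { version: "4.7.5", dependencies: { "engine.io": "6.5.4" } },
    "node_modules/engine.io": { version: "6.5.4", dependencies: { ws: "8.17.0" } },
    "node_modules/ws": { version: "8.17.0" },
    "node_modules/lodash": { version: "4.17.21" },
  },
};

// Constructed application sources (file path -> contents).
const SOURCES = {
  "src/server.js": "const { Server } = require('socket.io');\nconst io = new Server(3000);",
  "src/util.js": "import merge from 'lodash/merge';\nexport const deepMerge = (a, b) => merge({}, a, b);",
};

// Step 2 (Import): every dependency chain from the app root down to `target`.
// A chain of length 1 means the package is a direct dependency.
function dependencyPaths(lock, target) {
  const entry = (name) => lock.packages[name === null ? "" : `node_modules/${name}`] || {};
  const deps = (name) => Object.keys(entry(name).dependencies || {});
  const found = [];
  const walk = (name, chain) => {
    if (chain.includes(name)) return; // cycle guard
    const next = [...chain, name];
    if (name === target) { found.push(next); return; }
    for (const d of deps(name)) walk(d, next);
  };
  for (const d of deps(null)) walk(d, []);
  return found;
}

// Step 3 (Usage): does first-party code require/import the package or one of its subpaths?
function findUsage(sources, pkg) {
  const esc = pkg.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
  const re = new RegExp(`(?:require\\(|from\\s+|import\\s+)['"]${esc}(?:/[^'"]*)?['"]`);
  const hits = [];
  for (const [file, text] of Object.entries(sources)) {
    text.split("\n").forEach((line, i) => {
      if (re.test(line)) hits.push({ file, line: i + 1, text: line.trim() });
    });
  }
  return hits;
}

// Steps 4-5 (Risk Analysis, Remediation / Risk Acceptance): combine the facts
// into a verdict that tells the analyst where to look next.
function triage(lock, sources, finding) {
  const paths = dependencyPaths(lock, finding.package);
  const direct = paths.some((p) => p.length === 1);
  const usage = findUsage(sources, finding.package);
  const viaDirect = [...new Set(paths.map((p) => p[0]))]; // direct deps that pull it in
  let verdict;
  if (paths.length === 0) verdict = "not-installed";              // stale or false-positive finding
  else if (usage.length > 0) verdict = "reachable-from-app-code"; // review the call sites
  else if (direct) verdict = "direct-but-unused";                 // candidate for removal
  else verdict = "transitive-only";                               // risk hinges on how viaDirect uses it
  return { package: finding.package, direct, paths, viaDirect, usage, verdict };
}

// Hypothetical SCA findings: package names only, no advisory data asserted.
const FINDINGS = [{ package: "ws" }, { package: "lodash" }, { package: "left-pad" }];

if (typeof require !== "undefined" && require.main === module) {
  for (const f of FINDINGS) console.log(JSON.stringify(triage(LOCKFILE, SOURCES, f), null, 2));
}
```

For the transitive case the useful output is `viaDirect`: it names the first-party import (here `socket.io`) whose own use of the flagged package decides whether the vulnerable code path is reachable, which is where the Risk Analysis step starts. Doing this by hand per finding is what the methodology slides that follow set out to scale.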