When we think about web application security, we usually think of securing the database, the application server and frameworks such as Struts, Spring, etc. Frameworks are generally the first target for hackers because they provide a straight entry into the target application. But the situation has changed a little. These frameworks are getting more secure day by day, and hackers are targeting low-hanging fruit.
The following problems may arise from using third-party libraries:
- Confidentiality, integrity, etc. are other security risks.
The general practice is to keep these libraries in the source code and use them from there. Do not depend on regular patches and updates from the owners of these libraries. This is one way to add security to our application. If you want to upgrade these libraries to get the latest features or bug fixes, plan the upgrade just as you would plan any other software update. Do not just copy and paste a minified version.
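One way to enforce this practice in a build is to record a hash manifest of the vendored libraries when an upgrade is reviewed and to fail the build if the tree later differs from it. The sketch below is an added example, not code from the original post; the `vendor` directory layout, the file names and the function names are assumptions, and the sample files are constructed.

```python
"""Verify vendored third-party libraries against a reviewed hash manifest."""
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(vendor_dir: Path) -> dict:
    """Hash every file under vendor_dir; run this when an upgrade is reviewed."""
    return {
        p.relative_to(vendor_dir).as_posix(): sha256_file(p)
        for p in sorted(vendor_dir.rglob("*")) if p.is_file()
    }


def verify_vendor(vendor_dir: Path, manifest: dict) -> dict:
    """Compare the tree with the manifest and report every difference."""
    current = build_manifest(vendor_dir)
    return {
        "modified": sorted(f for f in manifest if f in current and current[f] != manifest[f]),
        "missing": sorted(f for f in manifest if f not in current),
        "unlisted": sorted(f for f in current if f not in manifest),
    }


def demo() -> dict:
    # Constructed sample tree: file names and contents are made up.
    with tempfile.TemporaryDirectory() as tmp:
        vendor = Path(tmp) / "vendor"
        (vendor / "charts").mkdir(parents=True)
        (vendor / "charts" / "charts.js").write_text("function draw() {}\n")
        (vendor / "dates.js").write_text("function parse() {}\n")
        manifest = build_manifest(vendor)  # state approved at review time
        # Later: one file is replaced by a pasted minified build, another is dropped in.
        (vendor / "dates.js").write_text("function parse(){}")
        (vendor / "extra.min.js").write_text("!function(){}()")
        return verify_vendor(vendor, manifest)


if __name__ == "__main__":
    report = demo()
    print(report)
    raise SystemExit(1 if any(report.values()) else 0)
```

In a real project the manifest would be committed next to the vendored files, so that changing a library always shows up as a reviewed change to both.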
This seems like a very small step and does not get much attention. We all try to solve the big problems first. But in my opinion, these small issues solve the bigger problem and control much more damage than building a new rocket. For suggestions or inputs, leave your comments. Thanks.