Welcome back. This is
the start of our final module. In this module, we're going to be talking about
vulnerable components. If you've been developer
for some time, or you've developed any code, you know that we rely
on a lot of libraries, and frameworks in order
to ship our products. The fast-paced culture of
this industry requires us to pull code from others and
build on top of their code. Sometimes, those code pieces
that we've pulled in open-source or
otherwise contained vulnerabilities that we
essentially inherit. Those vulnerabilities
become part of our risk profile and
our staff in our software. One of the most famous
examples of this in recent time is attack
against Equifax. A vulnerability in
their stress library led to what eventually became
an injection attack, and gave those hackers
full access to their system. In this module, we're
going to follow the same pattern of screencasts, and demonstrate
vulnerable components. Then you will take
some time to go back and review and practice activities from modules one, two, and three. Check the discussion thread, where your fellow learners
have been posting their questions and experiences to see what they've learned, and what you can learn from them. I've been doing this
for a long time, and there isn't a day that someone else's question
doesn't help me understand
the material better. So help out your peers and engage with them.
It'll help you too. Then you'll gather,
and edit your work and submit it as your final peer
reviewed assignment, following their written
directions in the course. After this module, you'll be
able to explain why patching vulnerable components is vital to the security of
our application. You'll find the flaw or
vulnerable components encode, identify a payload or a process that works against
them and patch it. You'll also be able to
describe the anatomy of an attack using
an industry example. Lastly, you'll compile, edit, and complete your peer
review final projects, and review work of
two other peers. All right. Let's get started.