Components, such as libraries, frameworks, and other software modules, run with the same privileges as the application. If a vulnerable component is exploited, the attack can lead to data loss or server compromise.
Applications and APIs that use components with known vulnerabilities can weaken the security of the application and allow for severe attacks and breaches.

| OWASP Top 10 Application Security Risks - 2017 | Reference |
|---|---|
| A9:2017-Using Components with Known Vulnerabilities | OWASP |

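
The sketch below is an added example, not part of the original page. It shows one way to find known-vulnerable components, including those pulled in transitively. The package names, versions, and advisory IDs are constructed placeholders, and the lockfile layout is an assumption made for illustration.

```python
from collections import deque

# Constructed sample data: name -> (pinned version, direct dependencies).
LOCKFILE = {
    "shop-app": ("1.0.0", ["webframework", "pdf-export"]),
    "webframework": ("4.2.1", ["template-engine"]),
    "template-engine": ("2.3.0", []),
    "pdf-export": ("0.9.4", ["xml-parser"]),
    "xml-parser": ("1.1.7", []),
}

# Constructed advisories: (id, package, first affected, first fixed version).
ADVISORIES = [
    ("ADVISORY-PLACEHOLDER-1", "xml-parser", "1.0.0", "1.2.0"),
    ("ADVISORY-PLACEHOLDER-2", "template-engine", "2.0.0", "2.3.0"),
]

def parse(version):
    """Turn '1.10.0' into (1, 10, 0) so comparison is numeric, not textual."""
    return tuple(int(part) for part in version.split("."))

def affected(version, introduced, fixed):
    """True if introduced <= version < fixed (the fixed release is safe)."""
    return parse(introduced) <= parse(version) < parse(fixed)

def audit(lockfile, advisories, root):
    """Walk the dependency graph breadth-first from root and report every
    pinned component that falls inside an advisory's affected range,
    together with the dependency path that pulls it in."""
    findings, seen = [], {root}
    queue = deque([(root, [root])])
    while queue:
        name, path = queue.popleft()
        version, deps = lockfile[name]
        for adv_id, pkg, introduced, fixed in advisories:
            if pkg == name and affected(version, introduced, fixed):
                findings.append({"advisory": adv_id, "package": name,
                                 "version": version, "fixed_in": fixed,
                                 "path": " > ".join(path)})
        for dep in deps:
            if dep not in seen:  # visit each component once
                seen.add(dep)
                queue.append((dep, path + [dep]))
    return findings

if __name__ == "__main__":
    for f in audit(LOCKFILE, ADVISORIES, "shop-app"):
        print(f"{f['advisory']}: {f['package']} {f['version']} "
              f"(fixed in {f['fixed_in']}) via {f['path']}")
```

The application never declares `xml-parser` directly, yet it is reported because `pdf-export` depends on it, while `template-engine` is not reported because its pinned version is already the fixed release.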
“We are standing on the shoulders of giants,” said Bernard of Chartres, a French philosopher of the 1100s. It is undeniable that without the reuse of technologies and methodologies, the effort and risk in achieving a result would be immense.
However, this should not distract us from considering our systems and applications as a whole, taking into account all ramifications and dependencies. If the complexity we expose ourselves to by using third-party components is beyond our capabilities, then our strategy is wrong and needs to be revised.

Francesco Ongaro