Protecting Your Software with Component Analysis
51mBeginner2022-10-25
Authors

Malcolm Shore
Cybersecurity Expert, Former Director of GCSB
Course details
Component libraries are critical for secure software development. They’re included in the frameworks used to run your end systems and web applications, but sometimes the components contain flaws. In this course, instructor Malcolm Shore gives an overview of the basic concepts of software composition analysis, showing you common tools to perform an effective analysis.
Discover the importance of knowing how to extract a software bill of materials, especially when you want to pinpoint vulnerabilities to protect your software from potential attacks. Get tips on identifying components that might lead to a security breach, as you explore which software composition analysis tools to use for each attack. Malcolm gives you pointers on using the CycloneDX SBOM exchange, SCANOSS, the ShiftLeft SCA tool, and the OWASP dependency checker. By the end of this course, you’ll be equipped with the skills to understand software component analysis and keep your software running safely and securely.
Discover the importance of knowing how to extract a software bill of materials, especially when you want to pinpoint vulnerabilities to protect your software from potential attacks. Get tips on identifying components that might lead to a security breach, as you explore which software composition analysis tools to use for each attack. Malcolm gives you pointers on using the CycloneDX SBOM exchange, SCANOSS, the ShiftLeft SCA tool, and the OWASP dependency checker. By the end of this course, you’ll be equipped with the skills to understand software component analysis and keep your software running safely and securely.
Skills covered
Programming FoundationsSoftware DevelopmentOne-Off
Concepts
0. Introduction
- 01 - Protecting against embedded component threats
- 02 - What you should know
- 03 - Disclaimer
1. Software Components
- 04 - Understanding software components
- 05 - Understanding software bill of materials (SBOM)
- 06 - Software component licensing
- 07 - Software component security
- 08 - Running a component exploit
- 09 - Building your own vulnerable component
2. Software Composition Analysis Tools
- 10 - What is software composition analysis
- 11 - OWASP and the CycloneDX SBOM exchange
- 12 - Analyzing software with SCANOSS
- 13 - Thinking about component vulnerabilities
- 14 - Checking for software component vulnerabilities
- 15 - Scanning with an automated SCA tool
- 16 - Using the OWASP dependency checker
- 17 - Identifying the origin of software components
Conclusion
- 18 - What's next
Related courses
- Data Planning, Strategy, and Compliance for AI Initiatives
- Data Science Foundations: Fundamentals
- Cyber Asset Management: Securing Digital Resources in the Modern Enterprise
- Excel 2024 Essential Training (Office 2024/LTSC)
- Ethical Hacking with JavaScript
- Vibe Coding Your First AI Agent with Claude Code
- Linux: Email Services
- Vulnerability Management in Cybersecurity: The Basics
Related learn paths
- Network Administration: Build Core Skills for Network Management and Security
- Become an Ethical Hacker
- Master Microsoft Excel
- Mastering Data Governance and Ethics
- Become an IT Security Specialist
- Level Up Your Personal Branding and AI Skills to Grow Your Career
- Building AI Products: Understanding the Workflow Professional Certificate
- Prepare for the CompTIA Security+ (SY0-601) Certification Exam