Every time you bring code you didn't write into your application, you're possibly introducing behavior you weren't expecting. Even using well-known and battle-tested dependency libraries, your application might be opening files and making network connections without your knowledge. Come hear about some crazy hidden things we've seen applications doing, and how you can learn what yours are doing as well.

New vulnerabilities are disclosed every day in dependencies that you or your team may be using. But how do you know if you are actually using the vulnerable code? This workshop will show you how to use two different types of tools to analyze reachability (1) static call graphs and (2) runtime analysis, and help in deciding if the vulnerability needs to be prioritized based on your own code usage.