Today's web applications are no longer the work of a single developer nor of a single development team; nowadays, developing a functional, user-friendly, attractive-looking web application implies the use of third-party components, such as programming libraries, APIs to external services (Facebook, Google, and Twitter), development frameworks, and many other components in which programming, testing, and patching have very little or no relevance.
Sometimes, these third-party components are found vulnerable to attacks and they transfer those vulnerabilities to our applications. Many of the applications that implement vulnerable components take a long time to be patched, representing a weak spot in an entire organization's security. That's why, OWASP classifies the use of third-party components...
