Bad Actors vs Our Community - Detecting Software Supply Chain Attacks

Bad Actors vs Our Community - Detecting Software Supply Chain Attacks

PyCon US via YouTube Direct link

Intro

1 of 18

1 of 18

Intro

Class Central Classrooms beta

YouTube videos curated by Class Central.

Classroom Contents

Bad Actors vs Our Community - Detecting Software Supply Chain Attacks

Automatically move to the next video in the Classroom when playback concludes

  1. 1 Intro
  2. 2 Open-source software is eating the world
  3. 3 Package managers
  4. 4 Bad actors exploit this trust
  5. 5 Software supply chain attack
  6. 6 Attack Technique: Typosquatting
  7. 7 Case study: mitmpraxy2
  8. 8 Technique: Social Engineering
  9. 9 Technique: Dependency Confusion
  10. 10 Technique: Account Hijacking
  11. 11 How to defend against these attacks
  12. 12 Manual vetting is infeasible
  13. 13 Existing tools report KNOWN CVES
  14. 14 Vanity stats are not enough
  15. 15 Packj: a dev-friendly vetting tool
  16. 16 API Analysis
  17. 17 Metadata Analysis
  18. 18 Enabling package vetting at scale

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.