Bad Actors vs Our Community - Detecting Software Supply Chain Attacks
- 1 Intro
- 2 Open-source software is eating the world
- 3 Package managers
- 4 Bad actors exploit this trust
- 5 Software supply chain attack
- 6 Attack Technique: Typosquatting
- 7 Case study: mitmpraxy2
- 8 Technique: Social Engineering
- 9 Technique: Dependency Confusion
- 10 Technique: Account Hijacking
- 11 How to defend against these attacks
- 12 Manual vetting is infeasible
- 13 Existing tools report KNOWN CVES
- 14 Vanity stats are not enough
- 15 Packj: a dev-friendly vetting tool
- 16 API Analysis
- 17 Metadata Analysis
- 18 Enabling package vetting at scale