Explore security concerns throughout the software supply chain in this 36-minute conference talk from Conf42 DevOps 2024. Delve into topics such as security through obfuscation, the MoveIT transfer vulnerability, and the importance of developer education in coding safely. Examine software dependencies, including the Synopsis 2023 OSSRA report findings and supply-chain levels for software artifacts. Learn about dependency confusion attacks, package mining, and the infamous left-pad incident. Investigate container development challenges and discover hope through OWASP resources, OpenSSF courses, and actionable steps to improve security practices. Gain valuable insights to address vulnerabilities and strengthen your software development process from start to finish.
Security Concerns in Every Stage of the Software Supply Chain
Overview
Syllabus
intro
preamble
background - melissa mckay
jfrog & nginx series
security through obfuscation
moveit transfer vulnerability progress
owasp joke essay
coding safely: developer education
software dependencies
synopsis 2023 ossra report cyrc findings from 2022
supply-chain levels for software artifacts
dependency confusion attack - package mining
managing open source dependencies
the left-pad incident
container development
is there any hope???
what else can we do?
owasp resources cheat sheets
openssf trio of free courses
what can we do???
questions?
Taught by
Conf42
Related Courses
-
Supply Chain Risk Management with OWASP Dependency-Check
-
Confessions of a Vulnerable Developer: What Developers Need to Know About Security
-
OWASP Dependency Track - Fortifying the Software Supply Chain
-
Securing the Software Supply Chain: An In-Depth Exploration of SLSA
-
Secure Software Supply Chains for Python
-
OWASP Dependency Track - Software Composition Analysis and Vulnerability Management
