Overview
Syllabus
intro
preamble
about Danish
disclaimer
supply chain
software supply chain
supply chain attacks
examples
npm (Node Package Manager)
maintainer email address takeover
significance of maintainer email - recently
process - attacker's perspective
defensive strategy for projects or companies
research - world-wide-how
Hassan intro
research - npm packages domains
impact!!!
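The npm chapters above (maintainer email address takeover, the attacker's process, and the packages-domains research) all rest on one check: pull a package's registry document, collect every maintainer e-mail domain, and find domains that are no longer registered, because whoever re-registers such a domain can receive the npm password-reset mail and publish under that maintainer's account. The script below is an added example written for this page, not the speakers' research tooling. The registry document is a constructed sample in the shape of `https://registry.npmjs.org/<package>`; the network lookup against the RDAP bootstrap at rdap.org, and the assumption that it answers 404 for a domain no registry knows, are mine and are not exercised by the offline usage.

```python
import json
import urllib.request
from urllib.error import HTTPError
from typing import Callable, Dict, FrozenSet, List, Set

# Constructed sample: the parts of an npm registry document we care about.
# Real documents are fetched from https://registry.npmjs.org/<package>.
SAMPLE_REGISTRY_DOC = json.dumps({
    "name": "example-left-pad",
    "maintainers": [
        {"name": "alice", "email": "alice@example.com"},
        {"name": "bob", "email": "bob@old-startup.example"},
        {"name": "carol", "email": "Carol@Example.COM"},
    ],
    "versions": {
        # a maintainer who only shows up on an old version still matters
        "1.0.0": {"maintainers": [{"name": "dave", "email": "dave@abandoned.example"}]},
    },
})

# Free-mail and forwarding domains: always registered, never takeover targets.
IGNORED_DOMAINS: FrozenSet[str] = frozenset({
    "gmail.com", "outlook.com", "hotmail.com", "yahoo.com",
    "protonmail.com", "users.noreply.github.com",
})


def maintainer_domains(doc_json: str) -> Dict[str, Set[str]]:
    """Map each e-mail domain (lower-cased) to the maintainer names using it.
    Both the top-level maintainers and the per-version maintainers are read."""
    doc = json.loads(doc_json)
    entries = list(doc.get("maintainers", []))
    for version in doc.get("versions", {}).values():
        entries.extend(version.get("maintainers", []))
    domains: Dict[str, Set[str]] = {}
    for entry in entries:
        email = entry.get("email", "")
        if "@" not in email:
            continue
        domain = email.rsplit("@", 1)[1].strip().lower()
        domains.setdefault(domain, set()).add(entry.get("name", "?"))
    return domains


def rdap_is_registered(domain: str) -> bool:
    """Network check. Assumption (not verified here): the RDAP bootstrap at
    rdap.org redirects to the registry and a 404 means the domain is unknown."""
    try:
        urllib.request.urlopen(f"https://rdap.org/domain/{domain}", timeout=10)
        return True
    except HTTPError as err:
        if err.code == 404:
            return False
        raise  # rate limits or registry errors must not be read as "free"


def takeover_candidates(doc_json: str, is_registered: Callable[[str], bool],
                        ignore: FrozenSet[str] = IGNORED_DOMAINS) -> List[str]:
    """Return maintainer e-mail domains that are not registered, i.e. domains an
    attacker could buy to receive that maintainer's npm password-reset mail."""
    return sorted(domain for domain in maintainer_domains(doc_json)
                  if domain not in ignore and not is_registered(domain))


if __name__ == "__main__":
    # Offline usage with a stub resolver: only example.com is "registered".
    registered = {"example.com"}
    print(takeover_candidates(SAMPLE_REGISTRY_DOC, lambda d: d in registered))
    # For a live run: takeover_candidates(doc, rdap_is_registered)
```

The stub keeps the example offline; swap in `rdap_is_registered` (or a WHOIS lookup) for a live run, and treat any lookup failure other than a clean 404 as unknown rather than as an available domain. Note that an unresolvable DNS name is not the same as an unregistered one, which is why the check is against the registry rather than `socket.gethostbyname`.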
gap that could be filled
ruby gems research approach
vulnerable ruby gem
hardest part!
some fun stuff!
another tool: script to detect dependency confusion
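Dependency confusion is the case where a manifest names a package that exists only on a private registry, the install still consults the public registry, and the public name is free for an attacker to claim with a higher version. A detector therefore walks the manifest, skips names whose scope is pinned to a private registry, and asks the public registry whether each remaining name exists. The script below is an added example for this page, not the speakers' tool; it handles npm with a constructed package.json and .npmrc, takes the public-registry lookup as a callable so it runs offline, and the same shape applies to RubyGems by swapping the manifest parser and pointing the lookup at rubygems.org.

```python
import json
import re
import urllib.request
from urllib.error import HTTPError
from urllib.parse import quote
from typing import Callable, Dict, List

# Constructed sample manifest for a fictional internal project.
SAMPLE_PACKAGE_JSON = json.dumps({
    "name": "acme-billing",
    "dependencies": {
        "express": "^4.18.0",
        "acme-internal-auth": "1.2.0",   # private, unscoped: the classic mistake
        "@acme/logger": "^2.0.0",        # private but scope-pinned in .npmrc
        "@acme/metrics": "^1.0.0",
    },
    "devDependencies": {"jest": "^29.0.0", "acme-test-fixtures": "0.3.1"},
})

# Constructed .npmrc: the @acme scope resolves only from the private registry.
SAMPLE_NPMRC = (
    "@acme:registry=https://npm.acme.example/\n"
    "registry=https://registry.npmjs.org/\n"
)

DEP_KEYS = ("dependencies", "devDependencies", "optionalDependencies", "peerDependencies")


def scoped_registries(npmrc: str) -> Dict[str, str]:
    """Parse '@scope:registry=URL' lines; these scopes never hit the public registry."""
    pinned: Dict[str, str] = {}
    for line in npmrc.splitlines():
        match = re.match(r"\s*(@[^:\s]+):registry\s*=\s*(\S+)", line)
        if match:
            pinned[match.group(1)] = match.group(2)
    return pinned


def all_dependencies(pkg_json: str) -> List[str]:
    """Every dependency name across the dependency sections, sorted and de-duplicated."""
    pkg = json.loads(pkg_json)
    names = set()
    for key in DEP_KEYS:
        names.update(pkg.get(key, {}))
    return sorted(names)


def public_exists_npm(name: str) -> bool:
    """Network lookup: registry.npmjs.org answers 404 for an unpublished name.
    Scoped names need the '/' encoded, which quote() does with safe='@'."""
    try:
        urllib.request.urlopen(
            f"https://registry.npmjs.org/{quote(name, safe='@')}", timeout=10)
        return True
    except HTTPError as err:
        if err.code == 404:
            return False
        raise


def confusion_candidates(pkg_json: str, npmrc: str,
                         public_exists: Callable[[str], bool]) -> List[str]:
    """Names that an install would look up on the public registry and that nobody
    has published there: an attacker can register them and win on version."""
    pinned = scoped_registries(npmrc)
    findings: List[str] = []
    for name in all_dependencies(pkg_json):
        scope = name.split("/", 1)[0] if name.startswith("@") else None
        if scope is not None and scope in pinned:
            continue  # resolved from the private registry only
        if not public_exists(name):
            findings.append(name)
    return findings


if __name__ == "__main__":
    # Offline usage with a stub: only express and jest exist publicly.
    public = {"express", "jest"}
    print(confusion_candidates(SAMPLE_PACKAGE_JSON, SAMPLE_NPMRC, lambda n: n in public))
    # Live run: confusion_candidates(open("package.json").read(), open(".npmrc").read(), public_exists_npm)
```

A name that is internal but already exists on the public registry is the other case worth a look: either someone on the team published it, or it has already been claimed. The script reports only the still-claimable names; comparing the public version against the private one covers the second case.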
gemscanner
solutions
any questions?
thank you!
Taught by
Conf42