Explore the critical landscape of supply chain attacks in this 44-minute DevSecCon presentation, focusing on vulnerabilities within the NPM ecosystem. Delve into the 'What, Why, and How' of these threats and their far-reaching consequences, with particular emphasis on the risks associated with expired maintainer email addresses in NPM packages. Discover the results of an extensive research project that scanned 2.1 million NPM packages, identifying vulnerabilities and assessing their impact through download statistics. Learn about the methodology employed and gain access to an open-source script for automated vulnerability detection. Examine the history of NPM dependency attacks, review recent vulnerabilities, and acquire strategies to strengthen defenses against such threats. Gain valuable insights into open-source security, develop skills to identify vulnerable NPM dependencies, and learn how to protect your organization from potential attacks. This presentation addresses a crucial gap in current security practices and provides essential knowledge for safeguarding against NPM package vulnerabilities.
Supply Chain Attacks - Focusing on NPM Vulnerabilities and Defenses
Overview
Syllabus
Supply Chain Attacks - Focused on NPM attacks with Danish Tariq and Hassan Khan Yusufzai
Taught by
DevSecCon
Related Courses
-
Supply Chain Attacks: Focusing on NPM Vulnerabilities - DevSecOps 2023
-
Hardening Your Soft Software Supply Chain
-
DevOps with GitHub and Azure: Implementing Software Supply Chain Security with GitHub
-
Supply Chain Risk Management with OWASP Dependency-Check
-
Securing the Unseen: Defending Against Open Source Software Supply Chain Attacks
-
Supply Chain Shenanigans - Evil npm and Shady NuGet
