Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Supply Chain Attacks - Focusing on NPM Vulnerabilities and Defenses

DevSecCon via YouTube

Overview

Explore the critical landscape of supply chain attacks in this 44-minute DevSecCon presentation, focusing on vulnerabilities within the NPM ecosystem. Delve into the 'What, Why, and How' of these threats and their far-reaching consequences, with particular emphasis on the risks associated with expired maintainer email addresses in NPM packages. Discover the results of an extensive research project that scanned 2.1 million NPM packages, identifying vulnerabilities and assessing their impact through download statistics. Learn about the methodology employed and gain access to an open-source script for automated vulnerability detection. Examine the history of NPM dependency attacks, review recent vulnerabilities, and acquire strategies to strengthen defenses against such threats. Gain valuable insights into open-source security, develop skills to identify vulnerable NPM dependencies, and learn how to protect your organization from potential attacks. This presentation addresses a crucial gap in current security practices and provides essential knowledge for safeguarding against NPM package vulnerabilities.

Syllabus

Supply Chain Attacks - Focused on NPM attacks with Danish Tariq and Hassan Khan Yusufzai

Taught by

DevSecCon

Reviews

Start your review of Supply Chain Attacks - Focusing on NPM Vulnerabilities and Defenses

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.