YouTube

Software Supply Chain Security: Understanding and Mitigating Package Ecosystem Attacks

ISTA Conference via YouTube

Overview

Explore real-world incidents of software supply chain attacks in this 29-minute conference talk from ISTA, delivered by Payhawk Senior Software Engineer Todor Todorov. Gain critical insights into the security vulnerabilities within software package ecosystems like npm and NuGet, examining various attack vectors including dependency confusion, typosquatting, and malicious package insertion. Learn through detailed case studies how attackers create and distribute seemingly harmless packages containing malicious payloads, manipulate pull requests to popular repositories, and exploit these vulnerabilities to harvest sensitive data. Master essential mitigation strategies and best practices for protecting projects, including effective dependency management, implementation of private package repositories, and developer education on risk assessment and attack detection. Drawing from over 15 years of software engineering experience and expertise in clean code, cyber security, and DevOps, discover practical approaches to safeguarding projects and maintaining software supply chain integrity in today's interconnected digital landscape.

Syllabus

Supply Chain Shenanigans

Taught by

ISTA Conference
