Overview
Syllabus
Intro
The Rise of Software Supply Chain Attacks
Agenda
Hacking History
Getting connected!
Smashing the Stack...
SQL Injection
Code Red & SQL Slammer
Bill Gates - Email to all MS FTE
Changes in Software Architecture
What is a Supply Chain?
Hacking Hardware
Octopus Scanner - NetBeans
Visual Studio Code
Development Machine
Canonical GitHub Account
Microsoft GitHub Account
Use MFA on source repository
Git Commit Signing
event-stream NPM
Build / Deployment
XcodeGhost
Twilio SDK
Webmin Backdoor
Reproducible/Deterministic Builds
Automotive Industry
Car Supply Chain
Software Bill of Materials (SBOM)
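The outline lists reproducible builds and the SBOM as two of the defences against the build/deployment attacks above. The following is an added example, not code from the talk or from any of the projects it names: it builds a toy package archive twice, shows why a wall-clock timestamp alone breaks reproducibility, records the artifact digest in a minimal CycloneDX-style SBOM, and fails closed when a tampered artifact is checked against it. The source files, timestamps, component name and SBOM fields are all constructed for illustration.

```python
"""Added example: deterministic builds plus SBOM hash verification.
All sources, timestamps and SBOM fields are constructed for illustration."""
import hashlib
import io
import json
import zipfile

# Constructed "source tree" for a toy package.
SOURCES = {
    "pkg/__init__.py": b"VERSION = '1.0.0'\n",
    "pkg/core.py": b"def add(a, b):\n    return a + b\n",
}

# Fixed build timestamp, as a build would derive from SOURCE_DATE_EPOCH.
SOURCE_DATE_EPOCH = (2020, 1, 1, 0, 0, 0)


def build_archive(sources, timestamp):
    """Build a zip artifact from sources.

    timestamp is a (Y, M, D, h, m, s) tuple written into every entry.
    Entries are written in sorted order so directory-listing order on the
    build host cannot change the output either.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_DEFLATED) as zf:
        for name in sorted(sources):
            info = zipfile.ZipInfo(name, date_time=timestamp)
            info.compress_type = zipfile.ZIP_DEFLATED
            zf.writestr(info, sources[name])
    return buf.getvalue()


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def reproducible_build(sources):
    """Deterministic build: fixed timestamp, sorted entries, same bytes every run."""
    return build_archive(sources, SOURCE_DATE_EPOCH)


def naive_build(sources, now):
    """Non-deterministic build: stamps the wall clock into the archive."""
    return build_archive(sources, now)


def make_sbom(component_name, version, artifact):
    """Minimal CycloneDX-style SBOM (a constructed subset of the real schema)."""
    return {
        "bomFormat": "CycloneDX",
        "specVersion": "1.4",
        "components": [{
            "type": "library",
            "name": component_name,
            "version": version,
            "hashes": [{"alg": "SHA-256", "content": sha256_hex(artifact)}],
        }],
    }


def verify_against_sbom(sbom, component_name, artifact):
    """True only if the artifact's SHA-256 matches the SBOM entry.

    A missing component or missing hash yields False (fail closed).
    """
    for comp in sbom.get("components", []):
        if comp.get("name") != component_name:
            continue
        for h in comp.get("hashes", []):
            if h.get("alg") == "SHA-256":
                return h["content"] == sha256_hex(artifact)
    return False


def demo():
    release = reproducible_build(SOURCES)
    sbom = make_sbom("pkg", "1.0.0", release)
    # An independent rebuild from the same sources yields the identical digest...
    rebuilt = reproducible_build(SOURCES)
    # ...whereas wall-clock stamps make two honest builds differ.
    b1 = naive_build(SOURCES, (2021, 5, 4, 10, 0, 0))
    b2 = naive_build(SOURCES, (2021, 5, 4, 10, 1, 0))
    # A backdoored core.py (constructed) must fail verification against the SBOM.
    tampered = {**SOURCES,
                "pkg/core.py": b"import os\ndef add(a, b):\n    os.system('id')\n    return a + b\n"}
    evil = reproducible_build(tampered)
    return {
        "reproducible": sha256_hex(release) == sha256_hex(rebuilt),
        "naive_differs": sha256_hex(b1) != sha256_hex(b2),
        "sbom_ok": verify_against_sbom(sbom, "pkg", release),
        "tampered_rejected": not verify_against_sbom(sbom, "pkg", evil),
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The point of the pairing is that an SBOM hash is only as useful as the build is reproducible: if two honest builds of the same commit produce different bytes, a consumer cannot distinguish a backdoored artifact from a legitimately rebuilt one, which is exactly the gap the build-stage incidents in this talk exploit.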
in-toto - Demo - Terminology
Datadog & in-toto
Azure Pipelines Artifact Policy
Conclusion
Taught by
NDC Conferences