Explore how to identify risks in your software supply chain through enhanced security testing and adversary simulation in this one-hour webcast presented by John Sawyer, Director of Red Team Services at IOActive. Delve into the limitations of current corporate security tests and the resulting blind spots, particularly in the increasingly diverse, complex, and vulnerable software supply chain. Examine recent high-profile attacks like SolarWinds, Kaseya, and Codecov to understand the urgency of supply chain testing. Learn about the paradigm shift in supply chain vulnerability, assess the extent of your supply chain, and identify associated risks. Discover the Minecast compromise and the Minor Enterprise Attack Framework. Gain insights into supplier attacks, software vulnerabilities, and real-world compromise examples. Acquire practical knowledge on implementing vendor risk assessments, policies, intelligence gathering, and various testing areas including security, penetration testing, and source code security to enhance your organization's supply chain defenses.
Overview
Syllabus
Introduction
John Sawyer
Overview
Paradigm Shift
Supply Chain Vulnerability
How far does the supply chain go
Supply chain risks
Supply chain security
Minecast compromise
Minor Enterprise Attack Framework
Supply Chain Compromise
Supplier Attacks
Software Vulnerabilities
Example of a Compromise
What Can You Do
Vendor Risk Assessments
Policies
Intelligence gathering
Different areas of testing
Security
Penetration Testing
Source Code Security
Taught by
RSA Conference
Related Courses
-
ISC2 Certified Secure Software Life-Cycle Professional (CSSLP)
-
A Different Kind of S3 - First Line Security of the Supply Chain
-
Exploring a Risk Approach to Software Supply Chain Security
-
Drivers for Software Supply Chain Security Programs
-
Securing Your .NET Application Software Supply Chain
-
Supply Chain Security for OpenSource Projects
