How Malicious NPM Packages Make Your Apps Vulnerable - SnykLIVE Recording
Offered By: Snyk via YouTube
Course Description
Overview
Explore the world of malicious NPM packages and their impact on application security in this recorded livestream. Learn how developers can inadvertently install harmful packages and witness demonstrations of various attack vectors, including postinstall scripts, TypeScript exploits, and pipeline vulnerabilities. Discover practical recommendations and open-source tools to protect against these threats, enhancing your developer security skills. Gain insights from expert Zbyszek Tenerowicz as he covers topics such as the audit-resolver project, malicious package installation methods, and effective countermeasures. Dive into this comprehensive session to strengthen your understanding of NPM package security and safeguard your applications from potential vulnerabilities.
Syllabus
- Stream Start
- Introductions
- Audit-resolver Project
- How do Developers Install Malicious Packages?
- Demo: Malicious Package via postinstall script
- Demo: Malicious Package with TypeScript
- Demo: Malicious Package via Pipeline and prepublish script
- Recommendations to Stop These Attacks
- Some Open Source Tools to Help
- Conclusion
- Outro
- Stream End
Taught by
Snyk