Detecting Malicious Dependencies at Scale with Static Analysis
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Explore techniques for identifying and neutralizing malicious dependencies in open source package managers through static analysis in this 54-minute conference talk. Learn how to develop Semgrep rules for detecting code patterns common to malicious packages and uncommon in normal software. Discover methods for using static analysis and package metadata to identify features that collectively signal possible inclusion of malicious code. Gain insights into speeding up the auditing process for third-party software in highly-controlled environments. Presented by Kurt Boberg from Semgrep's Security Research Team at the OWASP Foundation event, this talk provides valuable knowledge for improving open-source supply chain security.
Syllabus
Obfuscation Nation: Detecting Malicious Dependencies at Scale with Static Analysis
Taught by
OWASP Foundation
Related Courses
Raining CVEs on WordPress Plugins with Semgrep (nullcon via YouTube)
Writing a Language Server in OCaml for Emacs - Fun and Profit (EmacsConf and Emacs hangouts via YouTube)
No Size Fits All: Empowering Engineers with Custom Application Security Tests (NDC Conferences via YouTube)
Effective SAST: Secure Code Analysis in the CI/CD (DevConf via YouTube)
Introduzione a SAST e Mobile Security Testing (DevSecCon via YouTube)