YoVDO

Detecting Malicious Dependencies at Scale with Static Analysis

Offered By: OWASP Foundation via YouTube

Tags

Static Analysis Courses Supply Chain Security Courses Code Obfuscation Courses Semgrep Courses

Course Description

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore techniques for identifying and neutralizing malicious dependencies in open source package managers through static analysis in this 54-minute conference talk. Learn how to develop Semgrep rules for detecting code patterns common to malicious packages and uncommon in normal software. Discover methods for using static analysis and package metadata to identify features that collectively signal possible inclusion of malicious code. Gain insights into speeding up the auditing process for third-party software in highly-controlled environments. Presented by Kurt Boberg from Semgrep's Security Research Team at the OWASP Foundation event, this talk provides valuable knowledge for improving open-source supply chain security.

Syllabus

Obfuscation Nation: Detecting Malicious Dependencies at Scale with Static Analysis


Taught by

OWASP Foundation

Related Courses

Cyber Security in Manufacturing
University at Buffalo via Coursera Supply Chain and Operations Management Tips
LinkedIn Learning Kubernetes Security: Implementing Supply Chain Security
Pluralsight Implement Cybersecurity Best Practices in Your Organization
Salesforce via Trailhead ISC2 Certified Secure Software Life-Cycle Professional (CSSLP)
Cybrary