Protect Yourself Against Supply Chain Attacks

Offered By: NDC Conferences via YouTube

Tags

NDC Conferences Courses, Software Development Courses, Cybersecurity Courses, DevOps Courses, Supply Chain Security Courses, Software Composition Analysis Courses

Course Description

Overview

Explore the critical topic of supply chain attacks in this NDC Security 2022 conference talk. Learn about various attack vectors targeting development pipelines, including shell script vulnerabilities, package typosquatting, and internal package name squatting on public repositories. Discover how simple settings can be exploited to hijack environments, potentially leading to severe consequences. Gain insights into protecting your CI/CD pipeline, understanding package management risks, and implementing effective security measures. Delve into topics such as Software Composition Analysis, Software Package Data Exchange, and the importance of traceability in maintaining a secure supply chain. Equip yourself with the knowledge to safeguard your development processes against increasingly common supply chain threats.

Syllabus

Introduction
Agenda
The Supply Chain
Devils Pipeline
Supply Chain Confusion
Package Squad
Namespaces
Namespace Confusion
Timelines
NPM Audit
NPM Autofix
MPQ Autofix
Attack Examples
SCVs
Gitbook
Inventory
Software Composition Analysis
Software Package Data Exchange
Verification Standard 3
Traceability
Package Management
Component Analysis
Provenance Pedigree


Taught by

NDC Conferences
