Supply Chain Anarchy - Trojaned Binaries in the Java Ecosystem
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Explore the critical issue of supply chain security in the Java ecosystem through this conference talk from AppSecUSA 2017. Delve into the potential risks of trojaned binaries in open-source components, which make up 80% of modern software applications. Learn about an automated security pipeline created to detect malicious discrepancies between source code and binaries in Java libraries. Understand the importance of source-to-binary traceability and the challenges of identifying intentionally introduced vulnerabilities. Gain insights from Jeff Williams, CTO of Contrast Security, on the need for vigilance in trusting third-party code and the potential consequences of compromised popular components like Log4j or Apache Commons.
Syllabus
Supply Chain Anarchy - Trojaned Binaries in the Java Ecosystem - AppSecUSA 2017
Taught by
OWASP Foundation
Related Courses
Inspecting Open Source Software Packages for Security and License CompliancePluralsight DevSecOps Fundamentals
Cybrary Effective Vulnerability Discovery with Machine Learning
Black Hat via YouTube The Devils in the Dependency - Data Driven Software Composition Analysis
Black Hat via YouTube Protect Yourself Against Supply Chain Attacks
NDC Conferences via YouTube