The Rise of Software Supply-Chain Attacks - How Secure is Your .NET Application
Offered By: NDC Conferences via YouTube
Course Description
Overview
Explore the evolution and increasing sophistication of software supply-chain attacks in this 57-minute conference talk from NDC Sydney 2020. Trace the history of hacking from early infrastructure exploits to modern DevOps vulnerabilities. Examine how cloud-native approaches and complex application landscapes have expanded the attack surface. Learn to identify and mitigate security issues throughout the software supply chain using a .NET application as an example. Discover the importance of securing development machines, source repositories, and build pipelines. Understand concepts like Software Bill of Materials (SBOM) and reproducible builds. Gain insights into protecting your applications from emerging threats in the interconnected world of software development and deployment.
Syllabus
Intro
The Rise of Software Supply Chain Attacks
Agenda
Hacking History
Getting connected!
Smashing the Stack...
SQL Injection
Code Red & SQL Slammer
Bill Gates - Email to all MS FTE
Changes in Software Architecture
What is a Supply Chain?
Hacking Hardware
Octopus Scanner - NetBeans
Visual Studio Code
Development Machine
Canonical GitHub Account
Microsoft GitHub Account
Use MFA on source-repository
GIT Commit Signing
EvenStream NPM
Build / Deployment
XCode Ghost
Twilio SDK
Webmin Backdoor
Reproducable/Deterministic Builds
Automotive Industry
Car Supply Chain
Software Bill of Materials (SBOM)
In-Toto - Demo - Terminology
DataDog & In-Toto
Azure Pipelines Artifact Policy
Conclusion
Taught by
NDC Conferences
Related Courses
The Evolution of the Software Supply Chain AttackPluralsight AI and Cybersecurity - The Twain Shall Meet
CAE in Cybersecurity Community via YouTube Whom Do You Trust - MSPs and Other Forgotten Risks for SMBs
RSA Conference via YouTube Code Dependency - Chinese APTs in Software Supply Chain Attacks
BSidesLV via YouTube A Critical Assessment of Supply Chain Intrusion Vectors
BruCON Security Conference via YouTube