Pen-Testing the Supply Chain

Offered By: RSA Conference via YouTube

Course Description

Overview

Explore how to identify risks in your software supply chain through enhanced security testing and adversary simulation in this one-hour webcast presented by John Sawyer, Director of Red Team Services at IOActive. Delve into the limitations of current corporate security tests and the resulting blind spots, particularly in the increasingly diverse, complex, and vulnerable software supply chain. Examine recent high-profile attacks like SolarWinds, Kaseya, and Codecov to understand the urgency of supply chain testing. Learn about the paradigm shift in supply chain vulnerability, assess the extent of your supply chain, and identify associated risks. Discover the Mimecast compromise and the MITRE Enterprise ATT&CK Framework. Gain insights into supplier attacks, software vulnerabilities, and real-world compromise examples. Acquire practical knowledge on implementing vendor risk assessments, policies, intelligence gathering, and various testing areas including security, penetration testing, and source code security to enhance your organization's supply chain defenses.

Syllabus

Introduction
John Sawyer
Overview
Paradigm Shift
Supply Chain Vulnerability
How far does the supply chain go
Supply chain risks
Supply chain security
Mimecast compromise
MITRE Enterprise ATT&CK Framework
Supply Chain Compromise
Supplier Attacks
Software Vulnerabilities
Example of a Compromise
What Can You Do
Vendor Risk Assessments
Policies
Intelligence gathering
Different areas of testing
Security
Penetration Testing
Source Code Security


Taught by

RSA Conference
