Oops! Stories of supply chain shenanigans
Zbyszek Tenerowicz - 4 years ago
We know a lot about vulnerable packages in the NPM registry. But (surprisingly) few malicious packages have surfaced to date. Makes you feel like you don't really need to protect your project against them. Well, I'm here to destroy that cozy feeling >:D
I will demonstrate how a malicious package could affect your application, even if some security measures are already in place. After the exploits, I'll explain how to prevent the attacks without missing out on the benefits of packages using postinstall scripts for valid reasons.
Watch this if you love horror stories!
Watch this if you care about avoiding horror stories!