You click, you lose: a practical look at VSCode's security
Thomas Chauchefoin & Paul Gerste - 2 years ago
Developers are becoming targets of choice for threat actors: by compromising a single developer, software backdoors and supply chain attacks can lead to the compromise of high-profile organisations. For instance, a recent campaign attributed to North Korea targeted prominent developers with malicious Visual Studio projects and browser exploits. At the same time, IDEs offer increasingly advanced features and deep integration in ecosystems, sometimes at the cost of basic security measures. They tried to counterbalance it by introducing new lines of defense (e.g., "Workspace Trust"), whose design led to a cat-and-mouse game to restrict access to sensitive attack surfaces while keeping most features available by default. In this talk, we present the state of the art of Visual Studio Code's security. We show its various attack surfaces and will demonstrate how they are impacted by real-world vulnerabilities. You will now think twice before opening third-party code in your IDE!
Jobs with related skills

SAP Security Architect (m/w/d)
Stadtwerke München GmbH
·
1 month ago
München, Germany

Cloud Security Architect - STACKIT (m/w/d)
STACKIT
·
1 month ago
Heilbronn, Germany
Hybrid
Newest jobs

Product Owner (m/w/d) Betrieb – Cloud & SaaS
PROSOZ Herten GmbH
·
today
Herten, Germany
Hybrid

Softwareentwickler (m/w/d) ABAP
AOK Systems GmbH
·
yesterday
Frankfurt am Main, Germany
Hybrid
Related Videos