Sign up or log in to watch the video
You click, you lose: a practical look at VSCode's security
Thomas Chauchefoin & Paul Gerste - 8 months ago
Developers are becoming targets of choice for threat actors: by compromising a single developer, software backdoors and supply chain attacks can lead to the compromise of high-profile organisations. For instance, a recent campaign attributed to North Korea targeted prominent developers with malicious Visual Studio projects and browser exploits. At the same time, IDEs offer increasingly advanced features and deep integration in ecosystems, sometimes at the cost of basic security measures. They tried to counterbalance it by introducing new lines of defense (e.g., "Workspace Trust"), whose design led to a cat-and-mouse game to restrict access to sensitive attack surfaces while keeping most features available by default. In this talk, we present the state of the art of Visual Studio Code's security. We show its various attack surfaces and will demonstrate how they are impacted by real-world vulnerabilities. You will now think twice before opening third-party code in your IDE!
Newest jobs
IT-Software Developer (m/w/d)- ERP-Systems
VEGA Grieshaber KG
·
2 days ago
Schiltach, Germany
Hybrid
IT-Software Developer (m/w/d) - CRM-Systems
VEGA Grieshaber KG
·
2 days ago
Schiltach, Germany
Hybrid
Software Developer - Audio Processing
Fraunhofer-Institut für Integrierte Schaltungen IIS
·
3 days ago
Erlangen, Germany
Hybrid
Senior Backend Engineer
Apryse
·
3 days ago
Ghent, Belgium
Hybrid
Related Videos