Vandana Verma
Walking into the era of Supply Chain Risks
#1about 4 minutes
Developers as an unintentional malware distribution vehicle
Recent incidents like the event-stream package compromise show how attackers can turn developers into a distribution channel for malware.
#2about 4 minutes
The hidden risks of open-source dependencies
Vulnerabilities in common dependencies, like Apache Struts which led to the Equifax breach, highlight the danger of unmanaged open-source code.
#3about 4 minutes
Defining the modern software supply chain
The software supply chain mirrors a manufacturing process, and attackers exploit its weakest links to create cascading failures.
#4about 4 minutes
Common attack vectors and the zero trust principle
Attacks like dependency confusion and prototype pollution, exemplified by the SolarWinds incident, necessitate a zero trust security model.
#5about 4 minutes
Building a foundation for pipeline security
Secure your development pipeline by using frameworks from OpenSSF, implementing SBOMs, and securing code, containers, and secrets.
#6about 4 minutes
Demo: Bypassing sanitization with prototype pollution
A practical demonstration shows how prototype pollution can bypass input validation in a Node.js application by passing an array instead of a string.
#7about 3 minutes
Demo: Exploiting the Log4Shell vulnerability
This live hacking demo shows how the Log4j (Log4Shell) vulnerability allows an attacker to achieve remote code execution on a vulnerable server.
#8about 2 minutes
Demo: Remote code execution via a Python dependency
A vulnerable version of the Python Celery library is exploited to achieve remote code execution and exfiltrate server information.
#9about 1 minute
Fostering a developer-first security culture
The key to better security is creating a developer-friendly environment and engaging with communities like OWASP to stay informed.
#10about 8 minutes
Q&A: Career advice for aspiring security professionals
The speaker shares her career journey, tips for students entering cybersecurity, and thoughts on social engineering and learning resources.
Related jobs
Jobs that call for the skills explored in this talk.
Matching moments
08:16 MIN
Common attacks targeting software developers
Vulnerable VS Code extensions are now at your front door
15:35 MIN
Modern cybersecurity challenges for developers
Cyber Security: Small, and Large!
01:00 MIN
Understanding the rising threat to software supply chains
Open Source Secure Software Supply Chain in action
08:22 MIN
How attackers exploit developers and packages
Vue3 practical development
00:43 MIN
Understanding the inherent risks of third-party dependencies
Reviewing 3rd party library security easily using OpenSSF Scorecard
00:03 MIN
Why developers are a prime target for attackers
You click, you lose: a practical look at VSCode's security
00:45 MIN
The expanding role of developers in security
Vulnerable VS Code extensions are now at your front door
32:54 MIN
Taking responsibility for your software supply chain
Coffee with Developers with Feross Aboukhadijeh of Socket about the xz backdoor
Featured Partners
Related Videos
1:58:59Stranger Danger: Your Java Attack Surface Just Got Bigger
Vandana Verma Sehgal
24:47Supply Chain Security and the Real World: Lessons From Incidents
Adrian Mouat
32:55Open Source Secure Software Supply Chain in action
Natale Vinto
24:01What The Hack is Web App Sec?
Jackie
27:32Security Pitfalls for Software Engineers
Jasmin Azemović
2:08:06The attacker's footprint
Antonio de Mello & Amine Abed
44:30Securing Your Web Application Pipeline From Intruders
Milecia McGregor
29:50Real-World Security for Busy Developers
Kevin Lewis
From learning to earning
Jobs that call for the skills explored in this talk.
