Krakow, Poland, 31 May - 2 June 2023

The anatomy of supply chain attacks - practical lessons from recent breaches
Conference (INTERMEDIATE level)
Room 4A

Software supply chain attacks have become alarmingly more prominent in recent years. Successful attacks have changed the economics for adversaries and even changed who the potential victims are. Increasingly, developer tools have become the target of these attacks, with adversaries targeting git repositories, package managers and CI/CD pipelines.

This presentation will focus on exactly how adversaries target developers to disrupt the build process of the software supply chain. To do this, we examine recent examples of how adversaries successfully abused these tools and recreate the attacks with demos. This will include how to target developer accounts, how to abuse common misconfigurations to elevate privileges, how an abuser can remain hidden and how attackers can inject malicious packages into your build cycle.

In addition, we will review exactly what supply chain attacks are and how they have changed the attack landscape, including how the economics for adversaries have been reimagined following prominent supply chain attacks and how this has affected who the end victims could be. Finally, we will review security measures that can be implemented immediately to harden key weaknesses in code repositories and CI/CD pipelines, and how you can detect an attack during the early reconnaissance stages. The goal of this presentation is not only to show adversarial trends but also to arm the audience with a few key defensive takeaways aimed specifically at developers.

Mackenzie Jackson
GitGuardian

Mackenzie is a developer advocate with a passion for DevOps and code security. As the co-founder and former CTO of a health tech startup, he learnt first-hand how critical it is to build secure applications with robust developer operations. 

Today, as a Developer Advocate at GitGuardian, Mackenzie shares his passion for code security with developers and works closely with research teams to show how malicious actors discover and exploit vulnerabilities in code.

Venue address

ICE Krakow, ul. Marii Konopnickiej 17

Phone

+48 691 793 877

Email

info@devoxx.pl
