This course aims to help learners understand and protect against supply chain attacks in their pipelines. The course covers various attack vectors such as breaking out of shell scripts, misusing third-party packages, and squatting internal package names. By the end of the course, learners will be able to identify potential vulnerabilities in their pipelines and implement strategies to mitigate supply chain attacks. The course teaches skills such as package management, software composition analysis, and verification standards. The teaching method includes theoretical explanations, real-world examples, and practical demonstrations. This course is intended for software developers, DevOps engineers, cybersecurity professionals, and anyone involved in software development and deployment processes.
Protect Yourself Against Supply Chain Attacks
Overview
Syllabus
Introduction
Agenda
The Supply Chain
Devils Pipeline
Supply Chain Confusion
Package Squad
Namespaces
namespace confusion
Timelines
NPM Audit
NPM Autofix
MPQ Autofix
Attack Examples
SCVs
Gitbook
Inventory
Software Composition Analysis
Software Package Data Exchange
Verification Standard 3
Traceability
Package Management
Component Analysis
Provenance Pedigree
Taught by
NDC Conferences
Related Courses
-
How Much Do You Trust That Package? Understanding the Software Supply Chain
-
Adapting DevOps in a World of Growing Software Supply Chain Attacks
-
Bad Actors vs Our Community - Detecting Software Supply Chain Attacks
-
The Rise of Software Supply-Chain Attacks - How Secure is Your .NET Application
-
The Rise of Software Supply-Chain Attacks - How Secure is Your .NET Application
-
Unearthing Malicious and Risky OpenSource Packages Using Packj
