Attacking through the Software Supply Chain - Felix Leder - NDC Security 2023


NDC Conferences


As organizations try to improve their frontline security, attackers are shifting to more subtle ways to break in. They exploit dependencies and the use of third-party software, which gives them more reach with less effort.
The presentation consists of two parts.
In the first part, we will present a 360-degree view of the attack surface. There will be plenty of real-world examples, including exploit details, to illustrate the different angles attackers can use. Some are in commercial applications, like SolarWinds or the MeDoc accounting software that led to the infamous NotPetya spread. Other examples are from open-source components, like UAParser.js or PHP. Dormant vulnerabilities like Log4j or Python's tarfile illustrate how we can be unknowingly exposed for years. In addition to the real-world examples, we will cover categories of attacks like Dependency Confusion, Typo Squatting, and Brandjacking.
The message of the first part is that the full breadth of Supply Chain Attacks can seem overwhelming. By engaging with the audience, we will show that Supply Chain Attacks are a problem that concerns all of us.
In the second part, we present solutions. How can organizations handle the complexity and minimize the attack surface? We will discuss different frameworks and guidelines. Some of these are very hands-on, while others approach the challenge from a compliance angle. Everyone from a down-in-the-dirt developer to a compliance-oriented CISO will find their set of tools.

Comments: 1
@concretetoy54, a year ago
it is "Ukraine", not "the Ukraine"