Скачать или смотреть Hacking the software supply chain one developer at a time - Paul McCarty

Description
Software engineers are under increased attack in 2023. Cybercriminals and APTs have realized that developers are a juicy target. They often have elevated access to systems and source code, and CI/CD processes. This increased access, and low security maturity means that devs can be vectors for different types of attacks:

Supply chain: Software engineers create the software systems that customers use, making them a target for criminals seeking to gain access to those customers.
Access: Criminals will target devs to gain access to cloud, CI/CD pipelines and cloud accounts.
Intellectual property: Criminals will target devs so they can get access to source code.

This talk will highlight the techniques that cybercriminals use to identify, target and attack software engineers. I’ll highlight how attackers will gather intel on engineers via OSINT and then target them using social media, phishing, developer tools, open source communities, and other techniques. Finally, I will describe techniques that engineers can use to protect themselves.

Speaker
Paul McCarty, SecureStack, Founder

-

Managed by the OWASP® Foundation
https://owasp.org/