How we did it: Detection and prevention of a dependency confusion attack

Discussion Topics

Adversaries' tactics for infiltrating the software supply chain have grown more sophisticated. Among them: co-opting the names of submissions in public code, with the ultimate goal of using counterfeit code to compromise networks. How can organizations recognize pockets of risk that may exist within their own development efforts? What preventative measures can they take to ensure DevOps processes don’t provide avenues of access for bad actors?

Join Matt Austin, Director of Security Research, to hear details about Contrast Security’s experience with a targeted attack against its own code: how the company responded to prevent exploitation, and best practices for secure development.