

Episode 535: Dan Lorenc on Supply Chain Attacks
Oct 25, 2022
Chapters
Introduction
00:00 • 2min
The Attack Surface of the Software Supply Chain
02:17 • 2min
The State of the Software Supply Chain
04:07 • 2min
Supply Chain Attacks Detected?
05:56 • 2min
Supply Chain Attacks - What Are the Top Attacks?
07:40 • 3min
Attacking Open Source Code on a Developer's Laptop
10:17 • 2min
Is Dependency Confusion Really a Threat?
11:55 • 2min
XYZ Credit Card Charge
14:20 • 2min
Stack Overflow Questions About SolarWinds
16:42 • 3min
What's the Role of Code Obfuscation?
19:17 • 2min
The Worst Form of a Vulnerability
21:39 • 2min
Java JVM
23:50 • 3min
How to Log a Malicious Password Into a JVM
26:57 • 2min
Compilers and Interpreters Are Not Enough to Secure a Compiler
28:48 • 2min
How Log4j Was Exploited in the Wild?
31:01 • 3min
SolarWinds Compromise - An Attack Against SolarWinds
33:53 • 2min
Code Cache Attacks - What Are They?
36:02 • 4min
Is There a Malware Compromise on NPM?
39:35 • 2min
The Top 10 Lessons Learned From These Attacks
42:02 • 2min
Is There a Recursive Nature of Package Management?
43:46 • 5min