Enhancing CVE Identification using the Contextual Analysis attacks & Detection and Prevention of malicious packages @ Supply Chain Security Meetup Meetup
June 24, 2022
2 min read
Open-source vulnerabilities are in many applications. While finding them is critical, even more, critical is remediating them as fast as possible.
Securing your software supply chain is absolutely critical as attackers are getting more sophisticated in their ability to infect software at all stages of the development lifecycle, as seen with Log4j and Solarwinds.
Hear from industry experts at our upcoming Meetup to learn more about 3rd party vulnerabilities, threat research on real data, Red Teaming of your software supply chain, and CVE Identification and Contextual Analysis.
Talk Start Times:
3rd party vulnerabilities through DNS – Chen Arie (Enso.security)
Detection and Prevention of malicious packages and attacks
Jonathan Sar Shalom, Director of Threat Research @JFrog
Securing your software supply chain is absolutely critical as attackers are getting more sophisticated in their ability to infect software at all stages of the development lifecycle. This webinar, hosted by JFrog Director of Threat Research Jonathan Sar Shalom, will be a technical showcase of the different types of malicious packages that are prevalent today in the PyPI (Python) and npm (Node.js) package repositories. All examples shown in the webinar will be based on real data and malicious packages that were identified and disclosed by the JFrog security research team.
We will dive into:
- The types of attacks and types of payloads contained in these malicious packages
- Explain how these malicious packages can be identified and rejected
- Best practices for a secure development workflow and relevant OSS tools to use
Red Teaming – Uriel Kosayev (ABInBev)
Enhancing CVE Identification using the Contextual Analysis – Shachar Menashe (JFrog)