Node.js dependency confusion attacks & Vulns in Go binaries

DevSecCon Germany - April



Talk 1 | Protecting my Node.js project of dependency confusion attacks

Running a private registry as part of your stack is becoming a popular trend because of the benefits it brings to an organization. But a misconfigured registry can open the door to malicious actors. This talk covers how to secure a Node.js project against dependency confusion and other possible attacks, using a Verdaccio registry as a proof of concept.

Speaker: Juan Picado

Senior Front-End Engineer at eBay Classifieds Group based in Berlin, building front-ends for classifieds sites such as Kijiji Autos in Canada. He is a passionate JavaScript engineer, contributes to open source almost every day and is the lead maintainer of Verdaccio (mostly in his spare time). His goal is to help the Node.js ecosystem keep a free and open private registry accessible to all developers.



Talk 2 | Go Hard or Go Home – Detecting module vulnerabilities from Go binaries

Cloud native applications are typically made up of a small core of homegrown code, along with a lot of open source modules. Vulnerabilities in modules across most languages are increasing, so scanning that code for security vulnerabilities is a critical piece of the security jigsaw. This is straightforward in interpreted languages, since the module information ships with the application, but in compiled languages like Go it is not. At Snyk we recently introduced the ability to automatically detect and scan the modules included in Go binaries within your containers, and in this talk we'll dive into the details of how we got there: from automatically detecting Go binaries inside your container images, to breaking apart the binary format and extracting the header information, to implementing all of this functionality in our Node-based command line client. If the internals of Go binaries are your thing, then this is the talk for you!

Speaker: Agata Krajewska

Agata is a Software Engineer in the Container group at Snyk. She has spent the last year working on runtime security, solving problems around image scanning architectures and platforms. Whenever there's a chance, she enjoys writing low-level and embedded software. Besides coding, Agata also teaches yoga and visits all the best food spots in East London.

Speaker: Daniel Kontorovskyi

Daniel Kontorovskyi is a Software Engineer at Snyk and has spent most of the last 5 years building SaaS products in the security space. Most recently Daniel has focused on the emerging need for security within cloud native applications and at runtime.

Date: Apr 21 2021

Time: 11:00 am - 12:30 pm

Local Time (America/New_York): Apr 21 2021, 7:00 am - 8:30 am

Location: Virtual Event