Node.js dependency confusion attacks & Vulns in Go binaries
Click “Join the event” in the sidebar to join this session
Questions? Join the conversation on Slack https://snyk.co/DSC-Slack-Invite
Talk 1 | Protecting my Node.js project of dependency confusion attacks
Having a private registry as part of a stack is getting a popular trend due to the benefits that it brings to your organization. But a misconfigured registry can open the door to malicious individuals. This talk is about how to secure a Node.js project from dependency confusions and other possible attacks using a Verdaccio registry as proof of concept.
Speaker: Juan Picado
Talk 2 | Go Hard or Go Home – Detecting module vulnerabilities from Go binaries
Cloud native applications are typically made up of a small core of homegrown code, along with a lot of open source modules. Vulnerabilities in modules across most languages are increasing, and so scanning that code for security vulnerabilities is a critical piece of the security jigsaw. This is straightforward in interpreted languages since the module information is shipped with our application, but in compiled languages like Go it’s not as straightforward. At Snyk we recently introduced the ability to automatically detect and scan included modules from Go binaries within your containers, and in this talk we’ll deep dive into the details of how we got there – from automatically detecting Go binaries inside your container images, to breaking apart the binary format and extracting the header information, and implementing this all functionality in our Node based command line client. If the internals of Go binaries are your thing, then this is the talk for you !
Speaker: Agata Krajewska
Agata is a Software Engineer in Container group in Snyk. Agata has spent the last year working on runtime security, solving problems around image scanning architectures and platforms. Whenever there’s a chance, she enjoys writing low level and embedded software code. Besides coding, Agata also teaches yoga and visits all the best food spots in East London.
Speaker: Daniel Kontorovskyi
Daniel Kontorovskyi is a Software Engineer at Snyk, and has spent most of the last 5 years building SAAS products in the security space. Most recently Daniel has been focused on the emerging need for security within cloud native applications and at runtime.