Having a private registry as part of a stack is becoming a popular trend because of the benefits it brings to your organization. But a misconfigured registry can open the door to malicious individuals. This talk is about how to secure a Node.js project against dependency confusion and other possible attacks, using a Verdaccio registry as a proof of concept.
DSC Germany
Protecting my Node.js Project of Dependency Confusion Attacks
with Juan Picado
Description:
Tags:
Application Security
AppSec
Open Source
Secure Development
Security Transformation
Threat Modeling
About Juan Picado
Senior Front-End Engineer at eBay Classifieds Group based in Berlin, building front-ends for classifieds like Kijiji Autos in Canada. He is a passionate JavaScript engineer, contributes to open source almost every day and is the lead maintainer of Verdaccio (mostly in his spare time). His goal is to help the Node.js ecosystem to keep a free and open private registry accessible for all developers.