I am a senior software engineer with more than 15 years of experience in creating distributed cloud enterprise systems. I have worked on critical platforms, used by millions of people everyday for work. I am a tech geek, cybersecurity enthusiast and public speaker. All my past and future speaking engagements can be seen here. I am active on Twitter here. 

Supply Chain Shenanigans: Evil npm & Shady NuGet

Supply chain attacks pose a significant threat to software development, with NPM and NuGet being prime targets for malicious actors. This session explores the world of supply chain shenanigans, uncovering the techniques used by attackers to compromise NPM and NuGet packages. From npm substitution attacks to npm lock file injection, dependency confusion, repository proxying issues, and typo-squatting, we delve into the dark underbelly of package management. Through real-world case studies, we analyze the devastating consequences of these attacks on software integrity and security. 

But fear not! This session provides practical insights and actionable strategies to fortify defenses against supply chain antics. Join us as we navigate the treacherous waters of NPM and NuGet attacks, unveiling vulnerabilities and sharing best practices for prevention. Whether you’re a developer, security professional, or a concerned stakeholder, this session equips you with the knowledge and tools to safeguard your software supply chain. Let’s fight back against these shenanigans and protect our code!