Stranger Danger: Your JavaScript Attack Surface Just Got Bigger

Aug 10, 2022

Building JavaScript applications today means going a step beyond writing code. We use open-source dependencies, create a Dockerfile to deploy containers to the cloud, and orchestrate this infrastructure with Kubernetes. Welcome, you're a cloud native application developer! As developers, our responsibilities have broadened, and more software means more software security concerns for us to address.

Join one of our Snyk pros for a hands-on JavaScript and cloud native live-hacking session showing common threats, vulnerabilities and misconfigurations. Most importantly, we'll also show how you can protect your application with actionable remediation and best practices for each exploit we demonstrate.

00:00:00 - Stream Start
00:03:05 - Introductions
00:04:53 - The State of OSS
00:07:02 - Examples of open source software attacks
00:10:16 - Supply chain attacks affect all ecosystems
00:11:27 - The iceberg
00:14:24 - Cybersecurity challenges in OSS
00:14:56 - Live Hacking
00:30:08 - What did we learn?
00:32:39 - Back to our iceberg
00:35:46 - What can go wrong with using Containers?
00:38:36 - What's the last layer of the iceberg
00:41:10 - The modern application
00:41:47 - SDLC Pipeline
00:43:26 - Defense in Depth
00:45:23 - Recommendations
00:46:40 - Useful resources
00:48:18 - Closing

Fallguys Package:
EventStream Incident:
Marked Package:
Snyk CLI:
Snyk IDE Plugins:
Snyk Learn:
Docker Security Best Practices:

State of Open Source Security: