Stranger Danger: Your JavaScript Attack Surface Just Got Bigger

Aug 10, 2022

Building JavaScript applications today means going well beyond writing code. We pull in open-source dependencies, write a Dockerfile to deploy containers to the cloud, and orchestrate that infrastructure with Kubernetes. Welcome: you're a cloud native application developer! As developers, our responsibilities have broadened, and more software means more software security concerns for us to address.

Join one of our Snyk pros for a hands-on JavaScript and cloud native live-hacking session that demonstrates common threats, vulnerabilities and misconfigurations. Most importantly, we'll also show how you can protect your application, with actionable remediation and best practices for each exploit we demonstrate.

Chapters:
00:00:00 - Stream Start
00:03:05 - Introductions
00:04:53 - The State of OSS
00:07:02 - Examples of open source software attacks
00:10:16 - Supply chain attacks affect all ecosystems
00:11:27 - The iceberg
00:14:24 - Cybersecurity challenges in OSS
00:14:56 - Live Hacking
00:30:08 - What did we learn?
00:32:39 - Back to our iceberg
00:35:46 - What can go wrong with using Containers?
00:38:36 - What's the last layer of the iceberg
00:41:10 - The modern application
00:41:47 - SDLC Pipeline
00:43:26 - Defense in Depth
00:45:23 - Recommendations
00:46:40 - Useful resources
00:48:18 - Closing

Links:
Typosquatting: snyk.io/blog/typosquatting-attacks
Fallguys Package: snyk.io/advisor/npm-packages/fallguys
EventStream Incident: snyk.io/blog/a-post-mortem-of-the-malicious-event-stream-backdoor
Marked Package: snyk.io/advisor/npm-package/marked
Snyk CLI: docs.snyk.io/snyk-cli
Snyk IDE Plugins: snyk.io/ide-plugins
Snyk Learn: learn.snyk.io
Docker Security Best Practices: snyk.io/blog/10-docker-image-security-best-practices

Learn more about Snyk http://bit.ly/snyk-io

📱Social Media📱
___________________________________________
Twitter: https://twitter.com/snyksec
Facebook: https://www.facebook.com/snyksec
LinkedIn: https://www.linkedin.com/company/snyk
Website: https://snyk.io/
Cheatsheets: snyk.io/security-resources/cheat-sheet
State of Open Source Security: snyk.io/reports/open-source-security

#snyk #javascript #security #nodejs