Friday, June 28 • 1:15pm - 2:00pm
XZ Backdoor: Navigating the Complexities of Supply Chain Attacks Detected by Accident


Why did an individual with no security role discover the XZ attack on an upstream open-source project as important as XZ Utils?

Four years after the SolarWinds attack, we still see confusion between vulnerabilities, zero-days, and intentional malware. So let's talk about it!

In this session, we will highlight the differences between those various Open-Source threats.

We will shine a spotlight on a critical yet often overlooked area: compromised 3rd party libraries and CI/CD attacks.

We'll showcase real-world examples, differentiate vulnerabilities from attacks (spoiler alert - Log4J is not an attack), and attach the risks to frameworks like NIST SSDF, OWASP PSCF, and SLSA.


Speakers
Yoad Fekete

DevOps Engineer, Myrror Security
I am a DevOps engineer with over 13 years of experience in IT, DevOps, and DevSecOps. I have designed, built hands-on, and secured complex Cloud & On-Prem projects in startups and corporates. It started from the Stone era when people deployed servers in racks. Creating infrastructure...


Friday June 28, 2024 1:15pm - 2:00pm WEST