About this group

This is a user group for and by developers specialized in Microsoft .NET technologies, whatever your level. You are also welcome if you are just curious about this technology; this is the right place to find people who can tell you all about it.

Follow us on Twitter to catch up with the latest news: @GenevaDNUG (https://twitter.com/GenevaDNUG)

Upcoming events (1)

How to attack a .NET software supply chain

HEPIA - Room A106

How to attack a .NET software supply chain with Andrei Epure

Software supply chain attacks can be catastrophic. For instance, the 2020 SolarWinds hack was considered an attack against the entire government and private sector of the United States of America.

Security researchers have shown that all significant package managers are vulnerable to supply chain attacks like typosquatting and dependency confusion. NuGet is vulnerable by design in its default configuration.

First, you will see how typosquatting and dependency confusion attacks can compromise .NET supply chains that rely on the default NuGet configuration. Second, I will show how you can secure your NuGet configuration to thwart evil hackers.

This talk will assume attendees have some basic knowledge of NuGet and MSBuild.

About the speaker: Andrei is part of the Languages Team at Sonar in Geneva, developing the code analyzers for the .NET offering (Code Quality and Security for C# and VB.NET using the Roslyn compiler framework). Formerly at Microsoft Ireland, Almetis France, and Bitdefender Romania.

Past events (48)
