Name: Dependency Confusion Attack
Start: 2023-03-09T19:00:00+02:00
End: 2023-03-09T20:30:00+02:00
Location: ESI Center Eastern Europe

Some programming languages, like Python, come with an easy, official method of installing dependencies for your projects. These installers are usually tied to public code repositories where anyone can freely upload code packages for others to use. You have probably heard of these tools already — Node has npm and the npm registry, Python’s pip uses PyPI (Python Package Index), and Ruby’s gems can be found on… well, RubyGems. Have you ever run a command like 'pip3 install some_package'? Did you know that when downloading and using a package from any of these sources, you are essentially trusting its publisher to run code on your machine? Can this blind trust be exploited by malicious actors?

Mihail Stoynov

OWASP Sofia Chapter

Technology

Open Source

Computer Programming

Computer Security

OWASP

Information Security

Software Security

Penetration Testing

Cybersecurity

Web Application Security

Application Security

Viktor is an IT professional with over 5 years of experience in a multitude of disciplines within the industry. He is most passionate about the offensive side of cybersecurity, where he has specialized as an ethical hacker. He is currently the Senior Penetration Tester at SoCyber - a bulgarian company founded with a mission and vision for the future of cybersecurity.

Victor Mares

Dependency Confusion Attack

ESI Center Eastern Europe

Share

OWASP Sofia Chapter

Dependency Confusion Attack

OWASP Sofia Chapter

Details

Related topics

You may also like