Fantastic Software Supply-Chain Vulnerabilities and How to Defend Against Them

Details
In addition to RSVPing to this event you MUST register for the Zoom event. After you RSVP, please click on the "Online event" link to register. The "Online event" link will appear on the top of the screen if you are on the Meetup mobile app, or the right-hand side if you are on a desktop browser on a computer.
REGISTRATION:
Please register in advance SOONEST for our virtual Zoom meeting. We can only issue you a certificate of attendance for CPEs if you provide us your full name.
ABSTRACT:
In this talk, Abhay will examine software supply-chain vulnerabilities and the most effective strategies for defending against them. As the software development ecosystem becomes more complex and interconnected, the risks associated with supply-chain vulnerabilities grow with it.
Through anecdotes, case studies, and live demos, Abhay will expose the hidden dangers within the software supply chain and offer practical advice for safeguarding organizations against these threats. The talk will cover a wide range of topics, including:
The evolving landscape of software supply-chain vulnerabilities: An overview of the most notorious incidents and their far-reaching consequences.
Understanding the attack surface: A deep dive into the common entry points for attackers, such as third-party dependencies, open-source libraries, and CI/CD pipelines.
Case studies: Real-life examples of high-profile software supply-chain attacks to illustrate the severity and complexity of these threats.
Risk assessment and mitigation: Essential tools and techniques for identifying and managing software supply-chain risks, such as Software Composition Analysis (SCA) and Software Bill of Materials (SBOM).
Live demos: Hands-on demonstrations of how attackers exploit supply-chain vulnerabilities and how to effectively defend against them using best practices and cutting-edge solutions.
Building a resilient software supply chain: Proactive steps organizations can take to secure their software development lifecycle, including vendor management, DevSecOps integration, and continuous monitoring.
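The risk-assessment item above mentions SBOMs as a tool for managing supply-chain risk. As an added illustration (not code from the talk or from AppSecEngineer), the script below audits a constructed CycloneDX-style SBOM for three controls a practitioner would check before trusting a dependency: every component is pinned to a version, carries a strong hash, and, where the package URL names a registry, that registry is on an allow-list. The sample SBOM, the component names, and the allow-listed registry are all assumptions made up for this example.

```python
import json
from urllib.parse import parse_qs

# Hash algorithms accepted as "strong" for integrity pinning (assumption).
STRONG_HASHES = {"SHA-256", "SHA-384", "SHA-512"}

# Registries the organization trusts (assumption for this example).
DEFAULT_ALLOWED_REPOS = frozenset({"https://pypi.org/simple"})

# Constructed sample SBOM in CycloneDX JSON layout; not a real project's BOM.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "requests", "version": "2.31.0",
         "purl": "pkg:pypi/requests@2.31.0",
         "hashes": [{"alg": "SHA-256", "content": "a" * 64}]},
        {"type": "library", "name": "acme-utils", "version": "0.0.1",
         "purl": "pkg:pypi/acme-utils@0.0.1?repository_url=https://pypi.internal.example/simple",
         "hashes": []},
        {"type": "library", "name": "urllib3",
         "purl": "pkg:pypi/urllib3"},
    ],
})


def parse_purl(purl):
    """Split a package URL into (version, qualifiers).

    Minimal parser for the pkg:type/name@version?k=v form used in the
    sample; it does not implement the full purl specification.
    """
    body = purl.split("#", 1)[0]           # drop any subpath
    body, _, query = body.partition("?")   # separate qualifiers
    _, _, version = body.partition("@")    # version follows '@', may be absent
    qualifiers = {k: v[0] for k, v in parse_qs(query).items()}
    return (version or None), qualifiers


def audit_component(comp, allowed_repos):
    """Return a list of policy findings for one SBOM component."""
    findings = []
    version, qualifiers = parse_purl(comp.get("purl", ""))
    if not (version or comp.get("version")):
        findings.append("no version pinned")
    algs = {h.get("alg") for h in comp.get("hashes", [])}
    if not algs & STRONG_HASHES:
        findings.append("no strong hash recorded")
    repo = qualifiers.get("repository_url")
    if repo and repo not in allowed_repos:
        findings.append(f"repository_url not allow-listed: {repo}")
    return findings


def audit_sbom(sbom_json, allowed_repos=DEFAULT_ALLOWED_REPOS):
    """Audit every component in a CycloneDX JSON document.

    Returns a dict mapping component name to its findings; an empty
    list means the component passed all three checks.
    """
    sbom = json.loads(sbom_json)
    if sbom.get("bomFormat") != "CycloneDX":
        raise ValueError("expected a CycloneDX document")
    return {c["name"]: audit_component(c, allowed_repos)
            for c in sbom.get("components", [])}


if __name__ == "__main__":
    for name, findings in audit_sbom(SAMPLE_SBOM).items():
        status = "OK" if not findings else "; ".join(findings)
        print(f"{name}: {status}")
```

Running the script flags the unpinned `urllib3` entry and the `acme-utils` entry that lacks a hash and points at a registry outside the allow-list, while `requests` passes. In a real pipeline the same checks would run against the SBOM emitted by the build, and a non-empty findings list would fail the job rather than just print.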
By the end of this talk, attendees will have gained a comprehensive understanding of the current state of software supply-chain vulnerabilities, as well as the knowledge and tools necessary to protect their organizations from these ever-evolving threats.
PRESENTER'S BIO:
Abhay Bhargav is a cybersecurity expert, entrepreneur, and speaker known for his contributions to the field of application security. He’s the Founder and Chief Research Officer of AppSecEngineer, an elite, hands-on online training platform for AppSec, Cloud-Native Security, Kubernetes Security and DevSecOps. AppSecEngineer delivers hands-on security skills that companies are actually looking for.
Abhay started his career as a breaker of apps, in pentesting and red-teaming, but today is more involved in scaling AppSec with Cloud-Native Security and DevSecOps.
He has created some pioneering works in the area of DevSecOps and AppSec Automation, including the world's first hands-on training program on DevSecOps, focused on Application Security Automation. He actively researches new technologies and their impact on Application Security, specifically Cloud-Native Security. Abhay has also contributed pioneering work in the Vulnerability Management space as the architect of a leading Vulnerability Management and Correlation product, Orchestron. Committed to open source, he developed the first-ever Threat Modeling solution at the crossroads of Agile and DevSecOps, called ThreatPlaybook.
Abhay is a speaker and trainer at major industry events including DEF CON, BlackHat, OWASP AppSecUSA, EU and AppSecCali. His trainings have been sold-out events at conferences such as AppSecUSA, EU, AppSecDay Melbourne, CodeBlue (Japan), BlackHat USA and SHACK. He has also authored two international publications, on Java Security and PCI Compliance.
EVENT DETAILS:
Everyone is invited to the 20 May 2023 free virtual meeting of our Information Systems Security Association Northern Virginia chapter (ISSA NoVa) Risk Management Framework (RMF) LifeBoat:
• 9:45 am – People may join the Zoom meeting
• 10 am – Presentation will begin
• 11:30-11:45 am – Presentation will end – open forum discussions/networking begins
• 12 pm – Planned meeting end, but host may extend meeting
