
OWASP Monthly Meeting - April 27 2016

Details

Speaker: Mark Curphey

Topic: The open-source threat landscape in a DevOps world

Abstract:

Building software using open-source libraries is the new normal, but the bad guys are trying to spoil the party, having figured out that reusable code means reusable vulnerabilities. In this presentation we will show you how the threat landscape has changed with the advent of DevOps and how the end-to-end open-source software supply chain is being attacked, with actual exploits and real examples. We will show you what hackers are doing and how to protect yourself and your team from these attacks so you can carry on shipping safe and secure open-source projects.

We will cover:

  • Bad security advice from Q & A sites

  • Malicious code editor plugins

  • When bad things happen to good build and package managers

  • Trusting binary repositories like Maven Central

  • Vulnerabilities and backdoors in open-source libraries

  • Hiding bad things in source code management

  • Abusing continuous integration systems to mine Bitcoins

Speaker Bio:

Mark Curphey is CEO of SourceClear, The Security Company for Software Developers. He founded OWASP (http://www.owasp.org) when he ran software security at Charles Schwab and has written chapters on software security in books published by O’Reilly. http://www.srcclr.com

Thanks to our sponsor: Incapsula (https://www.incapsula.com)
