Lessons from npm's Dark Side: These Are Not the Packages You're Looking For
Overview
Unpack npm malware tactics with real case studies and walk away with concrete steps to shield your apps, designed for developers, security pros, and IT leaders.
Details
Malware is all about scale and time: How can I hit the most people in the shortest time? But not all ecosystems are equally vulnerable. The JavaScript ecosystem, particularly its package manager npm, is arguably the most vulnerable to supply chain malware attacks. And with JavaScript being the language of the web, this is a problem that impacts an estimated 27.4 million developers. So what are we to do? In this session, learn about:
- Why attackers target JavaScript/npm
- A case study of 5 attacks
- Whether we can trust maintainers to adopt security controls (research!)
- What you can do to protect yourself and your company from malware
What to Expect
- Introductions and Updates on chapter events and engagement ideas
- Primary presentation
- Network with fellow professionals who care about building and securing great software.
- Food & Drink provided for in-person attendees! (please RSVP to ensure accurate head count)
(* OWASP does not endorse or recommend commercial products or services, allowing our community to remain vendor neutral with the collective wisdom of the best minds in software security)
Event Details
📍 Location: RubinBrown, 7676 Forsyth Blvd., Suite 2100, Saint Louis, MO 63105
🗓 Date/Time: January 13, 2025 / 6:00pm CDT
ℹ️ Parking Directions:
- Google map to “North Lyle Avenue & Forsyth Boulevard, Clayton, MO 63105” Link: https://maps.app.goo.gl/WYqyZ3Jv9cUBBF289
- Enter the Parking Garage #4 (from Forsyth Blvd) next to Dry Bar
- Pull a ticket at the gate and proceed into the garage, turning right.
- Up the ramp is visitor parking. You may have to go up past the 6th floor.
- Take elevator to *L (Lobby of Centene Plaza C)
- Check in at the OWASP sign-in table in the lobby; you'll be escorted up
- Bring your parking ticket with you to get validated at the meetup.
Who Should Attend
- Application & security professionals
- Software engineers and developers
- IT leaders and managers
- Anyone with an interest in application security
About OWASP
The Open Worldwide Application Security Project (OWASP) is a nonprofit foundation dedicated to improving the security of software. Local chapters provide opportunities to learn, network, and collaborate with others in the field.
Come to learn more and participate in OWASP Saint Louis - your voice will continue to help shape what OWASP Saint Louis becomes next.
