
Malware Discovered in Popular NPM: Anatomy of Next-Gen Supply Chain Attacks

Hosted By
Wong Onn C. and Cecil S.

Details

In this meetup, we will explore some tools and guidelines that can secure popular software packages and dependencies in ecosystems such as NPM, PyPI, Maven, NuGet, Crates and RubyGems.

We will also learn how GitOps plays a critical role in "shifting left" and how to set up guardrails, not roadblocks, to help developers. We will also look at how fuzzing can be incorporated into DevSecOps.

Finally, we will learn the importance of having Cloud Infrastructure Entitlements Management (CIEM) to enforce permissions and secure identities across workloads and clouds. A demo will be included in this meetup.

Speaker: Nathan Aw
With over 9 years of experience as a software developer and application (security) architect, Nathan Aw is a firm believer-practitioner of zero trust and an advocate of secure coding practices. His passion is in designing, building and rolling out asynchronous, polyglot microservices that are both zero-trust and performant, that can securely run anywhere (multi-cloud and/or on-premise) and that scale without limits.

Through hands-on setup of a Secure Software Factory (SSF), he understands the importance of a first-class secure software factory that is able to industrialise "shift left" practices, which translates to quicker delivery of trusted and secure digital services to customers.

Nathan's other interests include emerging technology frameworks and frontier technologies such as WebAssembly, the metaverse, quantum computing, and cybersecurity for 5G cloud infrastructure and ICS/OT.

More on Nathan can be found at https://nathanawmk.github.io/ and https://sg.linkedin.com/in/awnathan

OWASP Singapore Chapter