Understanding the Risk of Supply Chain Attacks and Open-Source Libraries… And What to Do About It

Webinar Registration

Attacks that started upstream are major news today. The REvil ransomware attack leveraging Kaseya, the Hafnium attack via Internet-facing Exchange servers, and the now-infamous SolarWinds attack earlier this year are all warnings that threat actors are shifting to the supply chain to have a single attack provide access to hundreds-to-tens of thousands of networks.

As cybercriminals look for opportunities to get into the “supply chain game”, they have turned to looking at open-source libraries as a target. The use of open-source software (OSS) is mainstream today and has led to faster development and innovation, but also has increased the risk of vulnerabilities. Since development is focused on a libraries’ functionality, testing it to see if it is secure isn’t front of mind.

This puts the security of your organization’s supply chain in question. With most cyber insurance policies and even the White House’s latest Executive Order requiring a secure supply chain, the need to ensure your organizations supply chain is secure falls on internal IT.

In this real-training-for-free session, Microsoft MVP and cybersecurity expert Nick Cavalancia takes my seat, and will first discuss:

  • The state of supply chain attacks
  • The prevalence of open-source software today
  • Mapping supply chain attacks to the MITRE ATT&CK Framework

Nick will then be joined by Sean Wright, Principal Application Security Engineer for Immersive Labs who will demonstrate the insecurity found in today’s open-source code, and perform a live demonstration that includes:

  • Inject a payload in an open-source library
  • Using the payload to gain a reverse shell to a downstream system

Sean will then discuss how internal IT teams can help determine if any part of the applications sources from your supply chain are vulnerable using Open Web Application Security Project (OWASP) tools and how to mitigate detected vulnerabilities with a simple content security policy.

This real training for free event will be jam packed with technical detail and real-world application. Register today!

First Name:   
Last Name:   
Work Email:  
Job Title:  

Your information will be shared with the sponsor.

By clicking "Submit", you're agreeing to our Privacy Policy and consenting to be contacted by us and the sponsor.



Upcoming Webinars
    Additional Resources