Author: Mateusz Olejarka
The frequency of attacks on third-party libraries and tools used in software development has dramatically increased in recent years.
These attacks include typosquatting, dependency confusion, malicious changes in popular dependencies (UAParser.js, coa, node-ipc…), issues in popular dev tools (Codecov, Homebrew, npm…) and incidents (PHP, GitHub…). In this presentation, I will go over many fascinating, recent examples of these attacks, their causes and effects, and recommend how to stay secure when developing software.
Presented at: No cON Name 2022.
Head of Web Security