SecAppDev 2023 lecture details
Fantastic software supply-chain vulnerabilities
This session dives into software supply-chain vulnerabilities, defense strategies, and risk mitigation. Attendees will gain insights and tools to build resilient supply chains and protect organizations from evolving threats.
Tuesday June 13th, 09:00 - 10:30
Room Lemaire
Abstract
In this engaging talk, we investigate software supply-chain vulnerabilities and defense tactics. Using anecdotes, case studies, and live demos, we unveil hidden risks and cover attack surfaces, risk assessment, and mitigation. This session covers essential tools like Software Composition Analysis (SCA) and Software Bill of Materials (SBOM), while sharing strategies for building a resilient supply chain, such as vendor management, DevSecOps integration, and continuous monitoring. Attendees will gain insights to protect their organizations from ever-evolving software supply-chain threats.
Key takeaway
A comprehensive understanding of the current state of software supply-chain vulnerabilities and of the defensive strategies available against them
Content level
Introductory
Target audience
Security managers, DevSecOps pros, AppSec pros, security engineers
Prerequisites
Knowledge of CI/CD and DevOps tools, basic knowledge of Infrastructure as Code
Abhay Bhargav
Founder and Chief Research Officer, AppSecEngineer
Expertise: Cutting-edge application security including cloud(-native) security, DevSecOps and threat modeling
Related lectures
Third-party library security management
Deep-dive lecture by Jim Manico in room West Wing
Wednesday June 14th, 14:00 - 15:30
Managing third-party library dependence is one of the most difficult challenges in software development and requires significant process and technical discipline. This session offers actionable advice on getting this challenge under control.
Key takeaway: To handle third-party dependencies securely, you need to reduce the number of libraries you use, vet the ones you do use, and keep them up to date
Access control unveiled: Challenges & best practices
Deep-dive lecture by Maarten Decat in room West Wing
Tuesday June 13th, 11:00 - 12:30
Having control over who can access what within an organization has become a cornerstone of modern cybersecurity. This session provides a deep dive into the challenges and best practices of both access control and identity and access management.
Key takeaway: Understanding access control & Identity and Access Management (IAM), including challenges & best practices for effective implementation.
Supply chain risks in software development
Introductory lecture by Bruno Bossola in room West Wing
Tuesday June 13th, 14:00 - 15:30
This session covers supply chain risks in software development, techniques for managing them, and best practices for developers to mitigate risks and ensure secure and reliable software products. Where possible, we use live demos.
Key takeaway: Learn how to reduce supply chain risk by adopting techniques used in the industry today.