Breaking the Chain: An Attacker's Perspective on Supply Chain Vulnerabilities and Flaws

Conference: Black Hat Asia 2023

2023-05-12

Authors: Yakir Kadkoda, Ilay Goldman


Abstract

Our talk divides the cloud development flow into 5 phases: IDE, SCM, package managers, CI/CD and artifacts. We will demonstrate how supply chain attacks can affect organizations at each phase. This includes the risks of cloud, platforms, and application development, as well as the attacker's perspective on how to exploit these areas. We will unveil vulnerabilities and flaws in popular platforms corresponding to each of these areas. We will also discuss the ecosystem and how developers work with these platforms. Finally, we will present our original research, including vulnerabilities and flaws in various platforms, and discuss each finding along with its implications and mitigations.

Materials: