No cON Name – Developer in a digital crosshair, 2022 edition
Author: Mateusz Olejarka
The frequency of attacks on third-party libraries and tools used in software development has increased dramatically in recent years: typosquatting, dependency confusion, malicious changes in popular dependencies (UAParser.js, coa, node-ipc…), issues in popular dev tools (Codecov, Homebrew, npm…), and incidents (PHP, GitHub…). In this presentation, I will go over many fascinating recent examples of these attacks, their causes and effects, and recommend how to stay secure when developing software.
Presented at: No cON Name 2022.
Mateusz Olejarka
Principal IT Security Consultant
Head of Web Security