Skip to main content

Hacking your infra from the outside by exploiting npm Dependency Confusion attacks

Hacking your infra from the outside by exploiting npm Dependency Confusion attacks

Description:

What happens when you incorrectly manage your private packages registry, your developers misconfigure their local npm proxy, and malicious actors are free to abuse an open-source ecosystem? It's called Dependency Confusion and it's an attack that enabled security researchers to infiltrate big-name corps. You don't want to be the next victim on the headlines, right? Let me take you on a step-by-step deep dive into how this attack manifests and how you can defend against it.

Speakers:

Liran Tal

Director of Developer Relations, Snyk