How Does Malicious Code Enter Applications?

Presented by

Grant Robertson, Product Manager & Kevin Scribner, Senior Product Manager

About this talk

Malicious code has been making headlines over the past few years. The types of attack may vary, but the consequences are real. We've seen a spate of malicious open source components identified within the NPM repository, and an ethical hacker gaining access to the systems of several notable tech companies using publicly hosted packages. Today, threat actors are looking beyond exploiting weaknesses in the application layer; they have started taking advantage of the inherent trust associated with open source software. Inadvertently building code with these weaknesses into applications leaves businesses and their customers prime targets of supply chain attacks.

Join us as we discuss:
• What can be classified as malicious code or malware
• Some of the techniques that attackers use to inject malicious code into the supply chain
• Methods for identifying malicious code and open source components

Black Duck® offers the most comprehensive, powerful, and trusted portfolio of application security solutions in the industry. We have an unmatched track record of helping organizations around the world secure their software quickly, integrate security efficiently in their development environments, and safely innovate with new technologies. As the recognized leaders, experts, and innovators in software security, Black Duck has everything you need to build trust in your software. As of October 1, 2024, the Synopsys Software Integrity Group is now Black Duck®.