SANS Community Nights provide a great way to stay in touch with your local InfoSec community and to hear the latest thought leadership from SANS world-leading instructors.
Join us at the Grand Connaught Rooms, 61-65 Great Queen Street London, WC2B 5DA, United Kingdom
View the agenda below:
Tuesday 9th April 2024
Registration and Drinks
17:30 – 18:00
Developers, Developers, Developers: Three Attacks Targeting Developers
with Johannes Ullrich
18:00 - 19:00
Networking
19:00 - 20:00
Abstract:
Developers, Developers, Developers: Three Attacks Targeting Developers with Johannes Ullrich
Everybody is talking about supply chain security. But supply chains are more than parts, libraries, and APIs. They include people, and developers, to duct tape the parts into something that vaguely resembles functioning software. While developers often hide in their cubicles or home offices to seek safety in the shadows of large monitors, attackers have an easier time finding them than some nontechnical managers. They found them in IDA plugin stores, software package repositories, Stackoverflow, and online gaming communities (even during work hours). Network defenders, on the other hand, have often ignored developers, not just because they are "weird" but because standard security solutions often interfere with their work and cause them to complain loudly. In this talk, you will learn about some of these attacks, how to defend against them, and all the good reasons why many developers just don’t care.