Hacking the Security Footprint of Open Source Dependencies

  • Wednesday, September 30, 2020 at 10:30 AM EST (2020-09-30 14:30:00 UTC)
  • Liran Tal


  • Snyk


Leveraging open source modules is a common way for developers to deliver complex functionality quickly. However, they also represent an undeniable and massive risk. You're introducing someone else's code into your system, often with little or no scrutiny. The wrong package can introduce severe vulnerabilities into your application, exposing your application and your users' data. In this session we will further explore the security posture of open source maintainers and the deep characteristics of application dependencies across language ecosystems, with stories from the Node.js and npm ecosystem.

This talk will use a sample application, Goof, which relies on various vulnerable dependencies that we will exploit as an attacker would. For each issue, we'll explain why it happened, show its impact, and, most importantly, see how to avoid or fix it.

Speaker Bio

Liran Tal

Liran Tal is a Developer Advocate at Snyk and a member of the Node.js Security working group. He is a JSHeroes ambassador, passionate about building communities and the open source movement, and greatly enjoys pizza, wine, web technologies, and CLIs. Liran is also the author of Essential Node.js Security, a core contributor to the OWASP NodeGoat project, and loves to dabble in code, testing, and software philosophy.
