Description: In recent years secure development practices and supply chain integrity have gotten more attention. But the integrity of the source code repository, which should be central to both conversations, has been neglected.
There have been tons of known breaches in which attackers gained access to source code. Who says the code was only read?
Attackers with a foothold inside an enterprise can do fantastic damage to that organization, or to their downstream customers.
In this talk I'll go through several attack scenarios, and tie them to the many, many source code compromises we know about.
I'll go through some mitigation steps/strategies - or the lack thereof.
Hank Leininger (Co-Founder at KoreLogic)
Hank Leininger has been breaking stuff and building stuff for a while. While playing defense, he wrote the HAP-Linux kernel hardening patches in the late '90s, which have been a part of GRSecurity since the 2.4 kernel series. In 2004 Mr Leininger co-founded KoreLogic, Inc, an expert security consulting practice. He does not have any interesting letters after his name.
For more information, please visit: http://www.bsidesdc.org