關於使用條款隱私政策聯絡
 
更新中
DevSec Station

DevSec Station

發行日期:2026-04-15
© 2026 SheHacksPurple
DevSec Station - QR碼
2 Episodes
音訊
立即收聽,就在 Apple Podcast
2 Episodes
音訊
立即收聽,就在 Apple Podcast
發行日期:2026-04-15
© 2026 SheHacksPurple
最新的單集
The Anatomy of a Modern Supply Chain Attack

The Anatomy of a Modern Supply Chain Attack

What if a supply chain attack didn’t start with a sophisticated exploit… but with something totally normal? A typo. A copy-paste. An AI suggestion. In this episode, Tanya Janca walks through how modern supply chain attacks actually happen, and why t
時間長度:10:14
What if a supply chain attack didn’t start with a sophisticated exploit… but with something totally normal?
A typo.
A copy-paste.
An AI suggestion.
In this episode, Tanya Janca walks through how modern supply chain attacks actually happen, and why they’re less about “elite hackers” and more about everyday developer workflows.
You’ll learn why these attacks are not a single event, but a sequence of small, reasonable decisions that quietly introduce risk into our systems.
What You’ll Learn
 Why supply chain attacks are a process, not a moment How attackers exploit normal developer behaviour A realistic, step-by-step walk through of a modern attack  Why traditional SCA approaches often fail  How to focus on real risk instead of noiseA Realistic Attack, Step by Step
This episode walks through a common pattern seen in real-world incidents:
 An attacker identifies a package name used internally  They publish a lookalike or typo-squatted package  Malicious behaviour is hidden in install scripts or dependencies  A developer installs it, often unintentionally  The system continues working… but access is now compromised 
Bad / Better / Best: Managing Supply Chain Risk
Bad: Ignore supply chain risk or abandon tools due to noise
Better: Use SCA, but without context or prioritization
Best: Use SCA with reachability or runtime analysis
If You Do Just One Thing This Week
Run an SCA tool with reachability enabled, and take action on one issue.
 Run SCA on your current project  Filter to: high severity + reachable Fix one issue (remove, upgrade, or replace)  Add one guardrail:  Pin versions and use lockfiles  Restrict registries  Fail CI on high + reachable findings You don’t need to fix everything. But you do need to start.
 
🚉 About DevSec Station
DevSec Station is a security-focused podcast for developers.
Please like and subscribe. Hosted by Tanya Janca | SheHacksPurple
單集識別碼:1000761397801
GUID:Buzzsprout-19017150
發佈日期:2026/4/15 上午5:00:00

說明

DevSec Station is a security focused podcast for software developers who want to create amazing applications. Hosted by Tanya Janca, also known as SheHacksPurple, these short lessons will help you level up.

Apple Podcasts:評論

無條目