Vandana Verma
Walking into the era of Supply Chain Risks
#1 (about 4 minutes)
Developers as an unintentional malware distribution vehicle
Recent incidents like the event-stream package compromise show how attackers can turn developers into a distribution channel for malware.
#2 (about 4 minutes)
The hidden risks of open-source dependencies
Vulnerabilities in common dependencies, like Apache Struts which led to the Equifax breach, highlight the danger of unmanaged open-source code.
#3 (about 4 minutes)
Defining the modern software supply chain
The software supply chain mirrors a manufacturing process, and attackers exploit its weakest links to create cascading failures.
#4 (about 4 minutes)
Common attack vectors and the zero trust principle
Attacks like dependency confusion and prototype pollution, exemplified by the SolarWinds incident, necessitate a zero trust security model.
#5 (about 4 minutes)
Building a foundation for pipeline security
Secure your development pipeline by using frameworks from OpenSSF, implementing SBOMs, and securing code, containers, and secrets.
#6 (about 4 minutes)
Demo: Bypassing sanitization with prototype pollution
A practical demonstration shows how prototype pollution can bypass input validation in a Node.js application by passing an array instead of a string.
#7 (about 3 minutes)
Demo: Exploiting the Log4Shell vulnerability
This live hacking demo shows how the Log4j (Log4Shell) vulnerability allows an attacker to achieve remote code execution on a vulnerable server.
#8 (about 2 minutes)
Demo: Remote code execution via a Python dependency
A vulnerable version of the Python Celery library is exploited to achieve remote code execution and exfiltrate server information.
#9 (about 1 minute)
Fostering a developer-first security culture
The key to better security is creating a developer-friendly environment and engaging with communities like OWASP to stay informed.
#10 (about 8 minutes)
Q&A: Career advice for aspiring security professionals
The speaker shares her career journey, tips for students entering cybersecurity, and thoughts on social engineering and learning resources.
Related Videos
Stranger Danger: Your Java Attack Surface Just Got Bigger
Vandana Verma Sehgal
Securing Your Web Application Pipeline From Intruders
Milecia McGregor
Supply Chain Security and the Real World: Lessons From Incidents
Adrian Mouat
Security Pitfalls for Software Engineers
Jasmin Azemović
Open Source Secure Software Supply Chain in action
Natale Vinto
How your .NET software supply chain is open to attack : and how to fix it
Andrei Epure
Vulnerable VS Code extensions are now at your front door
Raul Onitza-Klugman & Kirill Efimov
Securing your application software supply-chain
Niels Tanis