Supply Chain Attacks: Focused on NPM attacks | Danish Tariq & Hassan Khan | Conf42 DevSecOps 2023
Read the abstract ➤ https://www.conf42.com/DevSecOps_2023_Danish_Tariq_Hassan_Khan_Yusufzai_supply_chain_npm_attacks
Other sessions at this event ➤ https://www.conf42.com/devsecops2023
Join Discord ➤ https://discord.gg/DnyHgrC7jC

Chapters
0:00 intro
1:43 preamble
1:55 about Danish
2:37 disclaimer
2:54 supply chain
3:50 software supply chain
4:39 supply chain attacks
4:45 examples
6:11 npm (node package manager)
9:18 maintainer email address takeover
9:54 significance of maintainer email - recently
10:53 process - attacker's perspective
11:32 defensive strategy for projects or companies
13:49 research - world-wide-how
14:53 Hassan intro
15:58 research - npm packages (domains)
22:37 impact!!!
24:48 gap that could be filled
26:04 Ruby gems research approach
26:56 vulnerable Ruby gem
27:24 hardest part!
27:43 some fun stuff!
28:22 another tool: script to detect dependency confusion
28:31 gemscanner
29:11 solutions
31:58 any questions?
32:22 thank you!