Wednesday 

Room 4 

11:40 - 12:40 

(UTC+01)

Talk (60 min)

Supply Chain Attacks: Focused on NPM attacks (includes demonstrations of research and prevention)

Supply chain attacks, i.e. attacks on open-source software, are spreading like no other disease. Examples include dependency confusion, log4j, NPM attacks, Gem attacks on Ruby, and many more.

Application Security

This talk focuses on the What, Why, and How of supply chain attacks: their impact as the weakest link in the chain, and how to prevent them.

It includes extensive internet scanning of NPM packages to find ones prone to account takeover, together with impact identification and defense.

This briefing is focused on the dangers of NPM package hacking and account takeover. As many of you know, NPM packages are crucial dependencies for the widely used JavaScript programming language. Unfortunately, in recent times there have been numerous instances of NPM package hacking, including confusion attacks and account takeovers, putting developers at risk without their knowledge.

Danish Tariq

Danish Tariq is a Security Engineer by profession and a Security Researcher by passion. He has been working in Cyber Security for over 8 years; it all started in his teenage years out of a curiosity to break things (physical or virtual) and look deep inside them. His major expertise is Penetration Testing and Vulnerability Assessments.

- He was also involved in bug bounty programs, where he helped many companies by finding vulnerabilities at different levels. Companies include Microsoft, Apple, Nokia, Blackberry, Adobe, etc.

- Spoke @ BlackHat MEA 2022 (Briefing: Supply-Chain Attacks)

- Featured in "The Register" for an initial workaround for the NPM dependency attacks.

- Certified Ethical Hacker, Certified Vulnerability Assessor (CVA), Certified AppSec Practitioner, Certified Network Security Specialist (CNSS), IBM Cyber Security Analyst

- Ex-Chapter Leader @ OWASP

- Ex-Top Rated freelancer (Information security category) on Upwork

- Recent security research and CVEs include CVE-2022-2848 and CVE-2022-25523

- Served as a Moderator @ OWASP 2022 Global AppSec APAC.