Categories

Protecting my Node.js project of dependency confusion attacks

Published: 22 April 2021
on channel: DevSecCon
1,473
18

Having a private registry as part of a stack is getting a popular trend due to the benefits that it brings to your organization. But a misconfigured registry can open the door to malicious individuals. This talk is about how to secure a Node.js project from dependency confusions and other possible attacks using a Verdaccio registry as proof of concept.

Juan Picado
Senior Front-End Engineer at eBay Classifieds Group based in Berlin, building front-ends for classifieds like Kijiji Autos in Canada. He is a passionate JavaScript engineer, contributes to open source almost every day and is the lead maintainer of Verdaccio (mostly in his spare time). His goal is to help the Node.js ecosystem to keep a free and open private registry accessible for all developers.

Watch video Protecting my Node.js project of dependency confusion attacks online without registration, duration hours minute second in high quality. This video was added by user DevSecCon 22 April 2021, don't forget to share it with your friends and acquaintances, it has been viewed on our site 1,473 once and liked it 18 people.

play_arrow
389
1

How To Get Sofi Referral Bonus

How To Get Sofi Referral Bonus
play_arrow
10,675
like

CATCH (CBA 2020) - Line Dance (Jo Thompson Szymanski & Grace David)

CATCH (CBA 2020) - Line Dance (Jo Thompson Szymanski & Grace David)
play_arrow
122,630
9K

You Should NEVER Visit THE BOBA TEA SHOP!

You Should NEVER Visit THE BOBA TEA SHOP!
play_arrow
235
12

НЕВОЗМОЖНАЯ КОНЦОВКА В SURVIVAL CHAOS (не 2кхаос)

НЕВОЗМОЖНАЯ КОНЦОВКА В SURVIVAL CHAOS (не 2кхаос)
play_arrow
936,070
18K

Redimi2 - Maverick (Álbum completo)

Redimi2 - Maverick (Álbum completo)
play_arrow
49,200
55

Un bestiale triangolo erotico trailer

Un bestiale triangolo erotico trailer
play_arrow
29
2

NoSQL | MongoDB Setup | PyMongo Commands

NoSQL | MongoDB Setup | PyMongo Commands
play_arrow
56,175
284

Ninja ss vs RX king

Ninja ss vs RX king
Related
play_arrow
Introducción a los CTFs

Introducción a los CTFs
play_arrow
Hack & Snack – Beer, Pizza & DevSecOps!

Hack & Snack – Beer, Pizza & DevSecOps!
play_arrow
Using Threat Modeling to Create a DevSecOps plan

Using Threat Modeling to Create a DevSecOps plan
play_arrow
Executando Gestão de Vulnerabilidades com Dados de Threat Intelligence

Executando Gestão de Vulnerabilidades com Dados de Threat Intelligence
play_arrow
Git Actions for Android: Simplifying Development

Git Actions for Android: Simplifying Development
play_arrow
OWASP ML Security Top 10

OWASP ML Security Top 10
play_arrow
Ace Your Security: Exploring Card Games in Threat Modelling

Ace Your Security: Exploring Card Games in Threat Modelling
play_arrow
AWS Privilege Escalation and Lateral Movements

AWS Privilege Escalation and Lateral Movements
play_arrow
Platform Engineering in the homelab: self-hosting and automating services you can trust

Platform Engineering in the homelab: self-hosting and automating services you can trust
play_arrow
Cover your apps: 3 pillars of AppSec

Cover your apps: 3 pillars of AppSec
play_arrow
Zero Trust Principles in DevSecOps

Zero Trust Principles in DevSecOps
play_arrow
Motivating the average developer to engage in DevSecOps

Motivating the average developer to engage in DevSecOps