Join us for the OWASP St Louis Meetup: Lessons from npm's Dark Side - These Are Not the Packages You're Looking For
Malware is all about scale and time: How can I hit the most people in the shortest time? But not all ecosystems are equally vulnerable. The JavaScript ecosystem, particularly its package manager npm, is arguably the most vulnerable to supply chain malware attacks. And with JavaScript being the language of the web, this is a problem that impacts an estimated 27.4 million developers. So what are we to do? In this session, learn about:
- Why attackers target JavaScript/npm
- A case study of 5 attacks
- Whether we can trust maintainers to adopt security controls (research!)
- What you can do to protect yourself and your company from malware