Room 4

13:40 - 14:40 (UTC+11)

Talk (60 min)

The Rise of Software Supply-Chain Attacks – How Secure is your .NET Application?

In the early days, breaking into systems (hacking) mostly consisted of finding machines that were connected to the internet and exposed all their services. Over time the industry became better at locking down infrastructure and access, and attacks focused more on applications, finding issues like SQL injection and Cross-Site Scripting. With the latest move to ‘DevOps’ and the use of build pipelines for CI/CD, with Azure DevOps or GitHub Actions, attacks have become even more sophisticated. What if the container images and/or 3rd party libraries in use contain vulnerabilities? With cloud native approaches like Azure Functions, our application landscapes have become a lot more complex, giving hackers more opportunities because of the increased attack surface. All the steps we need to take to develop, test and release our software can be referred to as the software supply chain, which has become a lot more complicated. In this session we'll take a .NET application and go through the different areas of the supply chain, identify the security issues, and look at possible ways of resolving those issues!

Continuous Delivery

Niels Tanis

Niels Tanis has a background in .NET development, pentesting and security consultancy. He also holds the CSSLP certification and has been involved in breaking, defending and building secure applications. He joined Veracode in 2015 and currently works as a security researcher on a variety of languages and technologies related to Veracode’s Binary Static Analysis service. He is married, a father of two, and lives in a small village just outside Amersfoort, The Netherlands.