Rhyming with Hacks - the Ballad of Supply Chain Attacks
Pedro Fortuna at Global AppSec Tel Aviv 2019
2018 was big on Supply Chain Attacks (SCA), with big e-commerce companies such as British Airways or Ticketmaster being targeted. The cyber criminal groups behind some of these attacks are referred to as Magecart. During this talk, we'll present SCAs, how they work and how they scale. We’ll go through the anatomy of these attacks and see if and how they can be prevented or mitigated. We’ll discuss the effectiveness of existing solutions like Content Security Policy or Subresource Integrity. We’ll take a deeper look into one real-life SCA, by going through the attacking code and understanding what it does. We’ll then present a new approach that we’ve been working on that is based on DOM real-time monitoring. We'll do a live demo of our solution defending against the real-life SCA presented before. Its merit in detecting and mitigating this and other SCA attacks will be discussed.
Pedro Fortuna
CTO, Jscrambler
Pedro Fortuna is CTO and Co-Founder of Jscrambler where he leads the technical vision for the product suite and contributes with his cybersecurity knowledge for R&D. Pedro holds a degree in Computing Engineering and a MSc in Computer Networks and Services.
Pedro Fortuna
CTO, Jscrambler
Pedro Fortuna is CTO and Co-Founder of Jscrambler where he leads the technical vision for the product suite and contributes with his cybersecurity knowledge for R&D. Pedro holds a degree in Computing Engineering and a MSc in Computer Networks and Services.