snip.
← Back to Home ID: 4284
Tanya Janca | SheHacksPurple @shehackspurple.bsky.social
Jul 4, 12:58 AM

Realistic attack example: no movie-hacker hoodie required. Sometimes the badness happens quietly, upstream, in a place everyone already trusts. And that is exactly why “but our code is fine” is not enough. #episode4 Watch: https://twp.ai/Ils7fY Listen: https://twp.ai/4hsO5M

🎤 Whisper Transcript (en) ⏱ 66s

"For years, we've talked about supply chain security as if it's just about dependencies and to be clear Dependencies matter a lot. They're very important But modern attacks don't stop there because attackers don't think in categories like a lot of us do They think in paths to exploit They don't have to follow rules like we do Any person tool or service or process that can influence your code or your build or your deployment is Part of your software supply chain and that includes things we don't always label as security problems So let's walk through a realistic scenario together No one exploits your app No one breaks your cryptography. No one hacks production directly Instead an attacker compromises a developer account or a CI token or a browser plug-in a build script a GitHub action that you didn't write but it's part of your CI"

💬 Discussion

Tanya Janca | SheHacksPurple @shehackspurple.bsky.social · Jul 3, 04:30 PM

Realistic attack example: no movie-hacker hoodie required. Sometimes the badness happens quietly, upstream, in a place everyone already trusts. And that is exactly why “but our code is fine” is not enough. #episode4 Watch: https://twp.ai/Ils7fY Listen: https://twp.ai/4hsO5M