Indiana is a security engineer at Security Innovation who specializes in testing web applications, APIs, and cloud configurations. He has a background in web development and previously worked in telecommunications and banking, performing penetration tests and security assessments. In his spare time, he works on personal coding projects and eats copious amounts of sushi.
Security Engineer, Security Innovation
Q&A and discussion for the malware block, hosted and moderated by Laurent Desaulniers. Questions will be gathered from the audience during the four prior talks.
Due to one small GitHub feature, some projects that depend directly on a GitHub repository are vulnerable to remote code injection. This talk will discuss novel research that was conducted to determine the prevalence of an obscure vulnerability related to GitHub project dependencies. The research demonstrates that this vulnerability, repo jacking, is exceedingly widespread and affects over 70,000 open-source projects. We will explain the vulnerability itself, what caused it and how to exploit it, as well as how we scanned a large percentage of open-source projects for this vulnerability. Finally, we will also discuss mitigations and how to protect yourself and your projects from it.