Slides: https://static.sched.com/hosted_files/owasp2023globalappsecwashin/ef/Global%20AppSec%202023%20-%20Fixing%20Broken%20Access%20Control%20-%20Final.pptx
We've been hearing a lot about software supply chain attacks over the last two years, and with good reason. The cybersecurity ecosystem and industry at large have been inundated with warnings about this attack vector, with high-profile attacks leading to a stark increase in vendor solutions while government regulations keep trying to catch up. Yet despite how common AppSec-related incidents are, our research has shown that most organizations do not have an incident response plan in place specifically for these attacks. Others that do have an IR playbook often prepare to respond to infra-related attacks such as ransomware, rather than attacks based on application channels. Given the prevalence of these attacks, this presentation will focus on software supply chain incident response. It will include a quick response playbook, trends, and characteristics that make AppSec incident response deserving of its own plan.
Omer Yaron
Snyk
Security Researcher
Omer Yaron is a security researcher at Snyk, formerly the Head of Research at Enso Security. Omer has practical experience in securing scale cloud-computing and serverless environments from complex authorization architecture design to monitoring and incident response. Furthermore, working at the Israel National Cyber Directorate, Omer took an active role in incident response and digital forensics of nation-level cyber-attacks across large organizations. He also developed certifying courses and methodologies for incident response and triage procedures for the Israeli Cyber Emergency Response Team SOC.
Working on the content core team of Magshimim, Israel's national cybersecurity youth training program, in conjunction with the Ministry of Defence, IDF, and National Cyber Directorate, he created cyber-related content and syllabus for exceptional youth in the fields of computer science. He is a well-known speaker on AppSec and Supply Chain Security-related topics, including at RSAC, OWASP, and more. Omer holds a BA in Philosophy and Business Management.
Managed by the OWASP® Foundation
https://owasp.org/