�ݺ�ߣ

1. The State of Open Source Security Languages, Containers & Open Source Maintainers Liran Tal, Developer Advocate, Snyk

2. Node.js Security WG Liran Tal OWASP NodeGoat author of - Essential Node.js Security - O’Reilly’s Serverless Security Developer Advocate @liran_tal

3. @liran_tal source: https://snyk.io/opensourcesecurity-2019

7. @liran_tal How much do we really know about our open-source dependencies ?

8. @liran_tal source: https://snyk.io/blog/how-much-do-we-really-know-about-how-packages-behave-on-the-npm-registry *abandoned packages 61%

9. @liran_tal source: https://snyk.io/blog/a-post-mortem-of-the-malicious-event-stream-backdoor

10. @liran_tal source: https://snyk.io/blog/how-much-do-we-really-know-about-how-packages-behave-on-the-npm-registry

11. @liran_tal Your App

12. @liran_tal Your App Your Code

14. @liran_tal Jan 2015 rimrafall Jan 2017 crossenv May 2018 getcookies Jul 2018 eslint-scope Nov 2018 event-stream

15. @liran_tal May 2018 getcookies Parse HTTP headers for cookie data

16. @liran_tal May 2018 getcookies Parse HTTP headers for cookie data or does it...?

17. @liran_tal

18. @liran_tal

19. @liran_tal getcookies express-cookies http-fetch-cookies

20. @liran_tal getcookies express-cookies http-fetch-cookies mailparser 440,000 downloads/month

21. @liran_tal source: https://www.npmjs.com/advisories

22. @liran_tal source: https://github.com/lirantal/npq/

23. @liran_tal marked ReDoS security vulnerability 2,224,691 weekly downloads Fixed in 0.7.0 (July 2019) 4,325 dependent packages source: https://snyk.io/vuln/npm:marked

25. @liran_tal open-source maintainers security posture

26. @liran_tal GitHub most popular integration: Security https://github.blog/2019-07-24-lessons-from-snyk-make-smarter-decisions-about-your-applications-security

29. @liran_tal are open source maintainers security conscious ?

30. @liran_tal State of 2FA in the npm registry

31. @liran_tal 6.89% of all maintainers State of 2FA in the npm registry

32. @liran_tal 0.6% of all packages State of 2FA in the npm registry

33. @liran_tal State of 2FA in ecosystem

34. @liran_tal 0% of all maintainers State of 2FA in ecosystem *as to Oct 1st 2019

41. @liran_tal The security blindspot of lockﬁle attack vectors

42. @liran_tal source: https://www.npmjs.com/package/lockﬁle-lint

46. @liran_tal Understanding the impact of security ﬁxes

47. @liran_tal

48. @liran_tal

49. @liran_tal Best Practices for Open Source Maintainers

50. @liran_tal https://snyk.io/blog/ten-npm-security-best-practices

51. @liran_tal Open-source dependencies impact container security too

52. @liran_tal 1 billion weekly d/l of container images

55. @liran_tal 44% of docker image vulnerabilities can be ﬁxed with newer base images

57. @liran_tal

58. @liran_tal 20% of docker image vulnerabilities can be ﬁxed just by rebuilding them

62. @liran_tal Best Practices for Docker Image Security

63. @liran_tal https://snyk.io/blog/10-docker-image-security-best-practices

64. @liran_tal Attackers are targeting open source one vulnerability = many victims

65. @liran_tal What if security was developer-friendly easier actionable

66. @liran_tal

67. Please Enjoy Responsibly Open Source is Awesome @liran_tal

�ݺ�ߣ

The State of Open Source Security - Liran Tal - 2019 NodeJS+Interactive Montreal

More Related Content

The State of Open Source Security - Liran Tal - 2019 NodeJS+Interactive Montreal