Coursera Flash Sale
40% Off Coursera Plus for 3 Months!
Grab it
Explore advanced security analysis techniques for .NET software supply chains in this 52-minute conference talk that addresses the critical challenge of securing applications built on third-party code. Learn why traditional security tools like OpenSSF Security Scorecard fall short in detecting planted malware, risky API usage, and vulnerabilities hidden deep within dependency chains when 80% of modern applications rely on external libraries. Discover the limitations of current NuGet security approaches and get introduced to Fennec Labs, an open-source project designed for comprehensive dependency analysis. Master automated detection methods for identifying security risks within NuGet packages, understand how to implement collaborative threat intelligence sharing, and develop practical techniques for making informed decisions about package adoption. Gain insights into identifying hidden security threats in NuGet packages, implementing automated analysis of risky API patterns and behaviors, leveraging community-driven security intelligence for .NET dependencies, and integrating practical strategies into development workflows. Acquire actionable tools and methodologies to strengthen your application's supply chain security posture and defend against sophisticated package-based attacks.
