Supply Chain Security is a rising topic in software development. Attacks are getting more sophisticated, and malicious packages are one of the fundamental techniques used by hackers. But what does it mean for me as a developer? We will learn the difference between Vulnerabilities and Malicious packages, how they are structured, and what techniques are used.

I will cover Obfuscating Techniques, Security Payloads, and Examples from attacks of the latest history additionally.
This talk is created in cooperation with our Security Research Team at JFrog.
I will highlight Open Source Projects that are helping Developers to protect their own Software Supply Chain.

With this session, I'll convey the latest information about attacks called "malicious packages", which pose an ever more significant threat, especially in open-source projects. The knowledge of how these attack vectors work and the practical procedures for defending and combating them can be implemented directly in your projects.