Attack and Defend Software Supply Chains

Objectives of Training:

In an era where a larger portion (~80%) of software development activities come from third parties, the security of your software supply chain is more critical than ever. Software isn't built in silos anymore. It's built on a complex web of dependencies, with each component sourced from different providers across the globe. This opens up a myriad of vulnerabilities, making your software supply chain a prime target for cybercriminals. In this course, we focus on holistic learning around attacking and then securing the software supply chain. / Section 1 is focused on understanding and exploiting supply chain issues. Section 2 focuses on the various fixes and security configurations to protect the supply chain. We’ll get our hands dirty by applying these strategies to secure the developer environments, code repositories, CI/CD pipelines, and deployment environments. By the end of the course, we will be well-equipped to transform our software supply chain from a security liability to a valuable asset.