OWASP 2024 Global AppSec San Francisco

Supply Chain risks are everywhere. We’ve seen a burst of supply chain exploits against organizations, totaling billions of dollars of value lost. Supply-chain security and implementation is essential and required by regulation. However, pentesters and red-teams must understand how they can leverage supply-chain attacks against applications, to further strengthen their defense implementations against it.

This training is a deep hands-on, red-team exploration of application supply-chains. We commence with an understanding of application supply chains, and subsequently dive into story-driven scenarios of exploiting supply-chains like exploiting CI systems, and build systems. Container infrastructure and cloud-native infrastructure hosted on Kubernetes, AWS, and Azure.

People learn better with stories. Our exploit and lateral movement scenarios are intricately designed labs that are backed by real-world stories that help students understand this subject-matter a lot better. This training was sold out at Blackhat USA 2023 with a 4.8/5 Rating