Meet the speaker
Negar Shabab is an Application Security Consultant
Negar works on the implementation of security practices into the DevOps pipeline, with a focus on automation. Before joining PS&C Group she was a senior malware analyst and security software developer. She has worked across the full life cycle of multiple security software products, often in senior and lead roles. She has extensive experience developing anti-malware software modules and security applications for Windows operating systems. Negar is an active member of the Australian Women in Security Network (AWSN), which aims to support and inspire women in the Australian security industry. Currently Negar works as an application security consultant with PS&C Group.
Supply chain attacks have become a trend in the past few years. A number of major cyber attacks were delivered by attacking the software supply chain. One example is the CCleaner incident, in which the infection of a few software developer machines resulted in massive infection of end-user systems. A more recent example is the ShadowHammer story, in which customers of the popular ASUS Live Update Utility were served backdoored packages that the attackers managed to get digitally signed with legitimate ASUS signatures. This talk focuses on the long history of concerns and techniques around compromising software developer systems and its impact on the software industry.