Vitaly Davidoff

Vitaly Davidoff

Application Security Lead

Company: JFrog

Stream: А

Time: 14:00 - 14:45

Country: Israel

Language: English

Talk: What is "Supply Chain" attack? and How to Prevent it in DevOps Pipeline

About the Speaker

JFrog is a DevOps company and my team is responsible to security of JFrog company. We are dealing with supply chain attacks all the time and created uniq knowledge of how to protect against these attacks as part of CI/CD Any other info about you: Vitaly has about 15 + years’ experience as a developer and more than 8 years in the application security field. Applications Products Security lead at JFrog TLV Israel. In this position he’s responsible to provide Application Security solutions for many products, including analyzing security risks in multidisciplinary systems according to the customer system characterization, defining required security controls to handle identified security threats, perform code and design reviews, threat modeling and many other activities. He holds CISSP and CSSLP certificates.

Talk: What is "Supply Chain" attack? and How to Prevent it in DevOps Pipeline

We will provide an overview of "Supply Chain" attacks types (what is it and why it so important). The second part of this talk will be about "how to" protect your software against using malicious 3rd party packages