Identifying and avoiding malicious packages

Webinar Description

Securing your software supply chain is absolutely critical as attackers are getting more sophisticated in their ability to infect software at all stages of the development lifecycle. This webinar will be a technical showcase of the different types of malicious packages that are prevalent today in the PyPI (Python) and npm (Node.js) package repositories. All examples shown in the webinar will be based on real data and malicious packages that were identified and disclosed by the JFrog security research team.

We will dive into:

  • The types of attacks and types of payloads contained in these malicious packages
  • How these malicious packages can be identified and rejected
  • Best practices for a secure development workflow and the relevant OSS tools you can use
  • Conclusion / Q&A

Presenter Information

Jonathan Sar Shalom

Director of Threat Research at JFrog

Jonathan is the Director of Threat Research at JFrog Security. Jonathan’s background includes more than 13 years in cyber security, with experience in security research, reverse engineering, and malware analysis. He currently leads the Threat Research team in JFrog Security, specializing in vulnerability analysis, threat intelligence research, and automated threat detection.

Date: May 16, 2022
Time: 11AM CET
Duration: 1 hour
Can't make it? Register anyway and we will send you the recording.
