Friday

Room 6

10:20 - 11:20 (UTC+02)

Talk (60 min)

Securing your .NET application software supply-chain

With our complete software development process becoming more complex we also got a lot more security problems to deal with. What starts with code and ends with releasing/deploying software is also being referred at as the software-supply chain. The software supply-chain consists of a lot of moving parts. Each of them facing their own security risks starting from access to source code, compromised third-party libraries and tools, or even hacked build servers. For example with SolarWinds the compromised build server added malicious functionality to the end product used by their customers. And a tool called CodeCov had their upload script compromised which resulted in it stealing all used access-keys. In this session we'll get hands-on with securing a .NET application it's supply chain and look how we can limit the security risks in all the different area's. We're going to use the guidance of Google's SLSA and using concepts like Software Bill Of Materials (SBOM).

.NET
Continuous Delivery
Security

Niels Tanis

Niels Tanis has got a background in .NET development, pentesting and security consultancy. He also holds the CSSLP certification and has been involved in breaking, defending and building secure applications. He joined Veracode in 2015 and right now he works as a security researcher on a variant of languages and technologies related to Veracode’s Binary Static Analysis service. He is married, father of two and lives in a small village just outside Amersfoort, The Netherlands.