
Dependency Confusion

Tuhin Bose
September 03, 2021


Transcript

  1. root@kali:~# whoami
     Bug Bounty Hunter, CISO at DSPH, Crowdsource Security Researcher at Detectify, B. Tech in Cyber Security and Digital Forensics
  2. AGENDA: Packages & Dependencies; Public registry vs private registry; Dependency Confusion Attack; Attacking Live Targets; Conclusion & QNA
  3. The term "package" is used to describe code that's been made publicly available. A package can contain a single file or many files of code. Generally, a package helps you add some functionality to your application. A dependency in programming is a functionality, library or piece of code that another part of the code needs in order to work.
  4. Step 1: List all packages. Sources: package.json and JS files. For JS files, always look for the keywords require and import.
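The inventory in step 1, as an added example that is not from the talk: a small Python script that collects package names from package.json and from require/import statements in JS files, reducing deep and scoped specifiers to the registry package name. The input files, names such as @acme/internal-utils and the regexes are constructed assumptions; a team can run the same logic over its own repository to see which names it depends on and must own in the public registry.

```python
import json
import re

# Matches require("pkg") and the module string of import/export ... from "pkg" forms.
REQUIRE_RE = re.compile(r"""require\(\s*['"]([^'"]+)['"]\s*\)""")
IMPORT_RE = re.compile(r"""(?:import|export)\s+(?:[^'";]+?\s+from\s+)?['"]([^'"]+)['"]""")

# Constructed sample input standing in for a checked-out project (not a real project).
SAMPLE_FILES = {
    "package.json": '{"dependencies": {"express": "^4.18.0", "@acme/internal-utils": "1.2.0"},'
                    ' "devDependencies": {"jest": "^29.0.0"}}',
    "src/app.js": 'const express = require("express");\n'
                  'import { log } from "@acme/logger";\n'
                  'import helper from "./lib/helper";\n'
                  'import "lodash/fp";\n',
}

def package_name(specifier):
    """Reduce a module specifier to its registry package name: relative and absolute
    paths are local code, scoped packages keep '@scope/name', deep imports drop the subpath."""
    if specifier.startswith((".", "/")):
        return None
    parts = specifier.split("/")
    if specifier.startswith("@"):
        return "/".join(parts[:2]) if len(parts) >= 2 else None
    return parts[0]

def packages_from_package_json(text):
    data = json.loads(text)
    names = set()
    for section in ("dependencies", "devDependencies", "optionalDependencies", "peerDependencies"):
        names.update(data.get(section, {}))  # dict keys are the package names
    return names

def packages_from_js(source):
    specs = REQUIRE_RE.findall(source) + IMPORT_RE.findall(source)
    return {name for name in map(package_name, specs) if name}

def list_all_packages(files):
    """files: mapping of path -> content. Returns the sorted set of package names found."""
    found = set()
    for path, content in files.items():
        if path.endswith("package.json"):
            found |= packages_from_package_json(content)
        elif path.endswith(".js"):
            found |= packages_from_js(content)
    return sorted(found)
```

Call `list_all_packages(SAMPLE_FILES)` to get the five names in the sample; the `@acme/...` entries are the ones a team should confirm exist under its own control in the public registry.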