Rating is available when the video has been rented.
This feature is not available right now. Please try again later.
Published on Feb 4, 2013
Everyone tests the security of their application, but how safe is the build process that creates the application itself? Modern Java build tools automate the process of retrieving dependencies from public repositories such as Maven Central. Although convenient, this unfortunately also opens the door for code-injection attacks during the build process. These so-called cross-build injection (XBI) attacks are not very well known, but their impact can be devastating. You can counter attacks by both improving organizational processes and using cryptographic primitives to ensure that dependencies are safe. This session shows what you can do to secure your builds, presenting XBI attack vectors along with the appropriate countermeasures.