SAINTCON 2021 has ended
Utah’s Premiere Security Conference
Thursday, October 21 • 1:30pm - 2:30pm
Dependency Confusion - Python and pip


Namesquatting with package managers is nothing new, but if you use privately hosted packages on your own index or from a git repository, you may be inadvertently exposing your dev, build, and production environments, as well as any networks they operate in, to this class of supply chain attack. Learn how these attacks work, what can go wrong if you get caught in one, and most importantly, how to improve and validate your development, testing, and deployment processes to avoid these attacks altogether. The focus of this presentation is Python using the default package manager, pip. The attacks, mitigation strategies, and core concepts apply to nearly every language that has a public index for downloading and distributing third-party code used in developing and deploying applications.


John Pope

Utah State University

Thursday October 21, 2021 1:30pm - 2:30pm MDT
Ballroom B (2nd Floor)