๐ŸŽ New User? Get 20% off your first purchase with code NEWUSER20 ยท โšก Instant download ยท ๐Ÿ”’ Secure checkout Register Now โ†’
Menu

Categories

Security Intermediate

What is Supply Chain Attack?

A cyberattack that targets less-secure elements in the software supply chain to compromise downstream users and organizations.

Supply chain attacks compromise software before it reaches end users by targeting dependencies, build systems, or distribution channels. Examples include typosquatting (malicious packages with similar names on PyPI/npm), compromised maintainer accounts, backdoored updates (SolarWinds attack), and poisoned CI/CD pipelines. Defense measures include pinning dependency versions, using lock files, verifying package signatures, scanning dependencies for known vulnerabilities (npm audit, pip-audit, Snyk), using private package registries, implementing Software Bill of Materials (SBOM), and practicing least-privilege in build systems. The Log4Shell vulnerability demonstrated how a single dependency can impact millions of applications.

Related Terms

Secret Management
The practice of securely storing, accessing, and rotating sensitive credentials like API keys, passwords, and certificates.
Content Security Policy (CSP)
An HTTP security header that controls which resources a browser is allowed to load for a web page, preventing XSS and data injection.
RBAC (Role-Based Access Control)
An access control model where permissions are assigned to roles, and users are assigned to roles rather than getting permissions directly.
Data Loss Prevention (DLP)
A strategy and set of tools that detect and prevent unauthorized transmission of sensitive data outside an organization.
Firewall Rules
Configuration entries that define which network traffic is allowed or blocked based on source, destination, port, and protocol.
DAST (Dynamic Application Security Testing)
Testing a running application from the outside by sending malicious requests to discover security vulnerabilities.
View All Security Terms โ†’