The internet is broken - The modern supply chain made us vulnerable
2023-09-08, 16:30–17:15 (Europe/Berlin), Tesla

We have gone through a drastic shift in how we build software. Our applications are no longer stand-alone monoliths; they are collections of thousands of different modules and building blocks: frameworks, open-source libraries, SaaS platforms and cloud infrastructure. This has let us innovate at an unimaginable pace, but at the cost of security. In this talk, we will examine the anatomy of recent supply chain attacks to show how attackers target weaknesses at the core of how modern software is built: how open-source libraries are turned malicious, how attackers use them to break into our systems, and why credentials to our infrastructure are leaking all over the internet. The talk closes with actionable steps for building secure applications on an insecure internet and taking back control of our security.

Throughout the presentation, we explore:
- How software development has changed over the years
- The different building blocks of our applications: open-source software, development tools, SaaS platforms and cloud infrastructure
- The software development lifecycle, and how each stage of it is being exploited by adversaries
- The anatomy of recent security events, including Codecov, SolarWinds, event-stream and Log4j, to show how vulnerable we are to attacks on our dependencies
- How this has changed the economics of hacking groups, and why these malicious 'businesses' are more profitable than ever
- Why taking back control of security requires a change of mindset, and why an incident and a breach can be very different things
- How to prevent attackers from moving laterally through our systems
- What zero trust actually means, and whether it is the answer
- Why it is possible to build a secure application on an insecure internet
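One concrete form of the "credentials leaking all over the internet" problem, and of the actionable steps the talk promises, is scanning code and config for secrets before it is pushed. The following is an added example written for this page, not code from the talk or from GitGuardian: a minimal scanner that combines fixed-layout rules (AWS access key IDs, GitHub personal access tokens) with a generic high-entropy rule for values assigned to sensitive-looking variables. The sample lines are constructed; the AWS key ID is the non-working example AWS publishes in its own documentation, the GitHub token is made up to match the public `ghp_` layout, and the thresholds and rule names are assumptions chosen for illustration.

```python
import math
import re
from dataclasses import dataclass

# Constructed sample input (not real credentials): lines of the kind that end up
# in public repos, .env files and CI logs. The AWS key ID is the non-working
# example AWS publishes in its own docs; the GitHub token is made up to match
# the public "ghp_" + 36 alphanumerics layout.
SAMPLE_LINES = [
    "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE",
    "AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
    "GITHUB_TOKEN=ghp_a1B2c3D4e5F6g7H8i9J0k1L2m3N4o5P6q7R8",
    "DB_PASSWORD=password123",
    "API_KEY=${API_KEY}",
    "LOG_LEVEL=debug",
]

# Rules for tokens with a fixed, recognisable layout (rule names are assumptions).
KNOWN_FORMATS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
}

# Generic rule: an assignment to a sensitive-looking variable whose value is long
# and random-looking. Catches secrets with no fixed prefix (AWS secret keys,
# generated database passwords, ...). Short dictionary passwords are out of
# scope for this rule; they need a wordlist check, not an entropy check.
ASSIGNMENT = re.compile(
    r"(?P<name>\w*(?:secret|password|passwd|token|api_key|access_key)\w*)"
    r"\s*[=:]\s*['\"]?(?P<value>[^'\"\s]+)",
    re.IGNORECASE,
)
MIN_GENERIC_LENGTH = 16   # assumption: shorter values are rarely machine-generated secrets
MIN_ENTROPY_BITS = 3.5    # assumption: bits per character; English text sits well below this


@dataclass(frozen=True)
class Finding:
    line_no: int
    rule: str
    preview: str   # redacted: never echo the whole secret into a report or log


def shannon_entropy(text: str) -> float:
    """Bits of entropy per character; 0.0 for an empty or single-symbol string."""
    if not text:
        return 0.0
    counts: dict[str, int] = {}
    for ch in text:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def redact(value: str) -> str:
    """Keep just enough of the value to locate it, never enough to use it."""
    return value[:4] + "..." if len(value) > 4 else "..."


def scan_line(line_no: int, line: str) -> list[Finding]:
    findings: list[Finding] = []
    for rule, pattern in KNOWN_FORMATS.items():
        for match in pattern.finditer(line):
            findings.append(Finding(line_no, rule, redact(match.group(0))))
    if findings:
        return findings   # don't report the same token again via the generic rule
    m = ASSIGNMENT.search(line)
    if m:
        value = m.group("value")
        # "${VAR}" and "<placeholder>" are references, not leaked literals
        if value.startswith(("$", "<")):
            return findings
        if len(value) >= MIN_GENERIC_LENGTH and shannon_entropy(value) >= MIN_ENTROPY_BITS:
            findings.append(Finding(line_no, "high_entropy_secret", redact(value)))
    return findings


def scan(lines) -> list[Finding]:
    """Scan an iterable of text lines and return all findings in line order."""
    findings: list[Finding] = []
    for line_no, line in enumerate(lines, start=1):
        findings.extend(scan_line(line_no, line))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LINES):
        print(f"line {f.line_no}: {f.rule} ({f.preview})")
```

Run against the sample, the scanner reports the AWS key ID and the GitHub token by format and the AWS secret key by entropy, while leaving `password123`, the `${API_KEY}` reference and the log level alone. Wiring something like this into a pre-commit hook or CI step is the cheap end of the "take back control" advice; a real deployment also needs revocation when a finding is confirmed, because a secret that reached a remote is already leaked.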

Mackenzie is a developer advocate with a passion for DevOps and code security. As the co-founder and former CTO of a health tech startup, he learnt first-hand how critical it is to build secure applications with robust developer operations.
Today as a Developer Advocate at GitGuardian, Mackenzie is able to share his passion for code security with developers and works closely with research teams to show how malicious actors discover and exploit vulnerabilities in code.