Hacker Summer Camp Special: Get 40% OFF with code HACKERCAMP40. Limited time only!
X
X
X
BlackHat USA

BlackHat USA 2025 Attacking the Application Supply chain

2 - 3 August, 2025
|
Las Vegas
|
Vishnu Prasad K

The following supply-chain scenarios, exploits and lateral movement scenarios will be explored in this training: * Application Supply Chains: * Client-side Supply Chain attacks ranging from magecart-style attacks to other client-side exploits* Server-side dependency attacks* Build System Attacks and Package Manager focused attacks* Dependency Confusion Attacks* Cross-Build Injection Attacks* Container Supply Chains* Container Build System Attacks* Container Registry Attacks* Trojanizing Containers* Attacks against CI Services:* Attacks against on-prem CI services like Jenkins, Bamboo, etc. * Webhook Boomerang Attacks against CI/CD Systems* Dependency attacks and template attacks against Github Actions and Gitlab CI* Cloud-Native Supply Chain Attacks: * Attacking Kubernetes Supply-Chains (Helm, Admission Controllers) etc* Attacking Continuous Deployment Services for Kubernetes and Cloud-native environments* Supply Chain Attacks and Lateral Movement with AWS and Azure.

Register now
Book a demo

More events that might interest you

Sep 18 - 11 AM EST
Danger in the Dependencies: Surviving supply chain attacks
This session takes you on a supply chain security thrill ride, zeroing in on malicious modules, hidden entry points, and the real tricks threat actors use to wreak havoc across the SDLC.
Virtual
Learn More
Register now
Aug 21 - 11 am EST
The SBOMs Don’t Lie: Analyzing Dependencies in Vulnerable Apps
Outdated and risky dependencies are hiding in your apps, and ignoring them won’t make them go away. In this webinar, we'll will show you how to find and fix them fast using modern SCA techniques and security data formats.
Virtual
Learn More
Register now
Threat Modeling for Developers who hate threat modeling
You can’t scale security if threat modeling still depends on one overworked expert and a 3-hour whiteboard session.But with this webinar, you’ll get a faster and repeatable way to model threats with real frameworks and practical workflows
Virtual
Learn More
Register now
View all events
4.5

Koushik M.

"Exceptional Hands-On Security Learning Platform"

Varunsainadh K.

"Practical Security Training with Real-World Labs"

Gaël Z.

"A new generation platform showing both attacks and remediations"

Nanak S.

"Best resource to learn for appsec and product security"

Read all reviews âžś

Ready to Elevate Your Security Training?

Empower your teams with the skills they need to secure your applications and stay ahead of the curve.
Get Our Newsletter
Get Started
X
Side-by-Side Comparison
AppSecEngineer vs Secure Code WarriorAppSecEngineer vs Security JourneyAppSecEngineer vs SecureFlagAppSecEngineer vs PluralsightAppSecEngineer vs KodeKloudAppSecEngineer vs VeracodeAppSecEngineer vs CybraryAppSecEngineer vs Immersive Labs
For Industries
ManufacturingGovernmentFinanceTechnologyHealthcareDefenseRetail
Services
Application Security ServicesThreat Modeling ServicesCloud Security ServicesSecurity Architecture Review ServicesAI LLM Security Services
Support
Knowledge BaseDiscord

For Support write to
‍help@appsecengineer.com‍

About Us
Privacy PolicyMedia Kit

United States

APAC

FOLLOW APPSECENGINEER
SOC2 Type2 Compliant
4.3
Available on:
Copyright AppSecEngineer © 2025
X