Celebrate CSA month with AppSecEngineer | 25% off on Annual plans and bootcamps | Apply code 'SECURITYFIRST25'
X
X
X
BlackHat USA

BlackHat USA 2025 Attacking the Application Supply chain

2 - 3 August, 2025
|
Las Vegas
|
Vishnu Prasad K

The following supply-chain scenarios, exploits and lateral movement scenarios will be explored in this training: * Application Supply Chains: * Client-side Supply Chain attacks ranging from magecart-style attacks to other client-side exploits* Server-side dependency attacks* Build System Attacks and Package Manager focused attacks* Dependency Confusion Attacks* Cross-Build Injection Attacks* Container Supply Chains* Container Build System Attacks* Container Registry Attacks* Trojanizing Containers* Attacks against CI Services:* Attacks against on-prem CI services like Jenkins, Bamboo, etc. * Webhook Boomerang Attacks against CI/CD Systems* Dependency attacks and template attacks against Github Actions and Gitlab CI* Cloud-Native Supply Chain Attacks: * Attacking Kubernetes Supply-Chains (Helm, Admission Controllers) etc* Attacking Continuous Deployment Services for Kubernetes and Cloud-native environments* Supply Chain Attacks and Lateral Movement with AWS and Azure.

Register now
Book a demo

More events that might interest you

9 Oct | 11 am EST
30 Minutes to Think Like an Attacker
See live how everyday data flows can lead to real vulnerabilities, and discover the frameworks, tools, and personal workflows that will help you level up your security skills.
Virtual
Learn More
Register now
Sep 18 - 11 AM EST
Danger in the Dependencies: Surviving supply chain attacks
This session takes you on a supply chain security thrill ride, zeroing in on malicious modules, hidden entry points, and the real tricks threat actors use to wreak havoc across the SDLC.
Virtual
Learn More
Register now
Aug 21 - 11 am EST
The SBOMs Don’t Lie: Analyzing Dependencies in Vulnerable Apps
Outdated and risky dependencies are hiding in your apps, and ignoring them won’t make them go away. In this webinar, we'll will show you how to find and fix them fast using modern SCA techniques and security data formats.
Virtual
Learn More
Register now
View all events
4.6

Koushik M.

"Exceptional Hands-On Security Learning Platform"

Varunsainadh K.

"Practical Security Training with Real-World Labs"

Gaël Z.

"A new generation platform showing both attacks and remediations"

Nanak S.

"Best resource to learn for appsec and product security"

Read all reviews ➜
Leave a G2 review and get $100 off
How to get a free AppSecEngineer annual subscription?
Leave a a Gartner review and get $100 off

Ready to Elevate Your Security Training?

Empower your teams with the skills they need to secure your applications and stay ahead of the curve.
Get Our Newsletter
Get Started
X
Side-by-Side Comparison
AppSecEngineer vs Secure Code WarriorAppSecEngineer vs Security JourneyAppSecEngineer vs SecureFlagAppSecEngineer vs PluralsightAppSecEngineer vs KodeKloudAppSecEngineer vs VeracodeAppSecEngineer vs CybraryAppSecEngineer vs Immersive Labs
For Industries
ManufacturingGovernmentFinanceTechnologyHealthcareDefenseRetail
Services
Application Security ServicesThreat Modeling ServicesCloud Security ServicesSecurity Architecture Review ServicesAI LLM Security Services
Support
Knowledge BaseDiscord

For Support write to
help@appsecengineer.com

About Us
Privacy PolicyMedia Kit

United States

APAC

FOLLOW APPSECENGINEER
SOC2 Type2 Compliant
4.3
Available on:
Copyright AppSecEngineer © 2025
X

Not ready for a demo?

Join us for a live product tour - available every Thursday at 8am PT/11 am ET

Schedule a demo

No, I will lose this chance & potential revenue

x
x