In 2015, compromised developers unwittingly used a malicious Xcode to inject malware into thousands of apps, stealing the data of millions of users. In both 2014 and 2017, millions of Uber user and driver records were leaked after an improperly secured token was committed to a GitHub repo. And in 2013, a phished developer was tricked into giving the Syrian Electronic Army access to the Financial Times’ site.
What do all of these have in common? We, developers, caused them.
In this talk, we’ll better understand the damage we can cause, from distributing trojans to exposing user code. We’ll better understand the techniques attackers use to compromise us, so we can be prepared. Most importantly, we’ll talk about how we can defend ourselves – and our users.