Reading about supply chain attacks can cause anxiety when companies today procure much of their software and services from third parties. The tick-box approach of vetting suppliers with cursory audits misses many of the pain points that are often leveraged in real attacks. This session will cover integrating offensive security into traditional third-party vetting approaches or using offensive security as its own benchmark prior to integrating third-party software and services into your environment. We'll cover examples of how to apply this approach to your own third-party vetting, and include some real-life success stories of vulnerabilities found in products already in use by many companies.
Understand how and when to apply offensive security in third-party risk assessments.
Know and appreciate the limitations of current third-party onboarding.
Apply this knowledge within your own third-party onboarding.