Supply-Chain Compromise

Adversaries may manipulate software dependencies and development tools prior to receipt by a final consumer for the purpose of data or system compromise.

Metadata

Severity: high
Slug: supply-chain-compromise

MITRE

T1565.001: Data Manipulation: Stored Data Manipulation
T1573.002: Encrypted Channel: Asymmetric Cryptography
T1195.002: Supply Chain Compromise: Compromise Software Supply Chain
T1059.004: Command and Scripting Interpreter: Unix Shell

Available Labs

Select a language to explore available labs for this vulnerability.

1 Lab

Javascript Labs

Javascript 1 lab

Explore 1 lab in Javascript.

No matching labs found

Try adjusting your language filter.

Play AppSec WarGames

Want to skill-up in secure coding and AppSec? Try SecDim Wargames to learn how to find, hack and fix security vulnerabilities inspired by real-world incidents.

For Companies Play Now

Got a comment?

Join our secure coding and AppSec community. A discussion board to share and discuss all aspects of secure programming, AppSec, DevSecOps, fuzzing, cloudsec, AIsec code review, and more.