Cognixia Podcast

What is a Dependency Confusion Attack?



Hello everyone and welcome back to the Cognixia podcast. When developing applications, one often needs to integrate third-party or open-source dependencies into them to meet the intended business requirement or utility. For instance, a food delivery app could depend on Google Maps or MapMyIndia for the map functionality on which a user tracks their food. An e-commerce app or website could depend on WhatsApp to enable a live chat with a customer service bot or a customer service rep who answers any queries a customer of the platform may have. The using entity may pay the service/API provider for these dependencies, or they may be open source; either way, they play an important role in supporting the efficient functioning of the application as well as any other features it might provide.


The simple logic here is this: building a whole piece of functionality from scratch is by no means an easy feat. It takes finding and hiring the right people with the right skills and domain knowledge, a boatload of resources to put together a team, lots of time, and so much more. Instead, one could use an API or functionality built by someone else, something already tested, ready to use and with established success, integrate it into whatever you are building, and voila! The functionality's creator could get a licensing fee or a royalty payment of sorts, and the using entity has a perfectly functioning feature that is highly valuable for its users.


Sounds like a great thing, right? It totally is. Then where exactly is the problem?


Well, whenever great innovations have taken place, haven’t the unscrupulous elements always caught up with them sooner or later for their gains while penalizing or harming others in some way?


Dependencies are no exception. Enter the dependency confusion attack.


Dependency confusion attacks are relatively new, but in the short time they have been around, they have sent ripples around the world, showing the unimaginable levels of harm they can cause. So, who is at risk? How do these attacks function? Can we do something to stop them, or fight them once they happen? We are sure you have many questions, and we will try our best to answer as many of them as possible in this podcast episode.


New research by OX Security, a DevOps software supply chain company, has revealed that just about every application with more than 1 billion users, and more than 50% of applications with roughly 30 million users, are highly vulnerable to dependency confusion attacks. The research also makes a shocking revelation: the organizations at the most risk would likely have a whopping 73% of their assets exposed to dependency confusion attacks!


Cognixia Podcast, by Cognixia