3. Supply chain attack:
Supply chain attacks are an emerging kind of threat
that targets software developers and suppliers. The goal
is to access source code, build processes, or update
mechanisms by infecting legitimate apps to distribute
malware.
5. Use case 1:
• Delivery of modules containing malware, activated on the client server
Source:
1) Using third-party malicious modules/libraries without verification of the code
2) Compromise of a developer's Git account leads to malware injection in the
repository, which is delivered as a product to the client's website and impacts
end users.
6. Use case 2:
• Delivery of vulnerable modules, exploited on the client server
Source: Not following secure development practices
In this case the vulnerability is introduced because security best
practices were not followed during software development; it can be exploited on
websites using the vulnerable modules and directly impacts the end users of those websites.
7. Impact:
Stage 1: E-commerce website customer
Purchasing items from a compromised website leads to financial and
personal data theft.
Stage 2: E-commerce website owner
The owner of a compromised website can face multiple legal cases in the event of
a data breach because of compliance requirements such as GDPR, PCI DSS, etc.
Stage 3: Software vendor
Delivery of vulnerable software can raise trust issues with the software
vendor.
9. Malware scanning stages:
Stage 1: Scanning modules before delivering them to the client
Stage 2: Scanning the client server before making any customization
Stage 3: Frequently scanning developers' systems that connect to the client server
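The first source listed under use case 1 (third-party modules shipped without verification of the code) and scanning stage 1 (checking modules before delivery) both come down to the same control: pin the state of a module when it was reviewed and refuse to deliver it if anything in the tree has changed since. The script below is an added example, not code from the original slides or from any vendor; it hashes every file in a module directory into a manifest, re-verifies the tree against that manifest and reports modified, unknown and missing files. The module name, file contents and manifest format are constructed for the example; in practice the manifest would be stored signed alongside the reviewed module.

```python
"""Pre-delivery integrity check for third-party modules.

Added example (not from the original slides): every file in a module tree
is hashed and compared against a manifest pinned when the module was
reviewed. Files that were modified, added or removed after review are
reported so the module is not shipped to a client unverified.
All paths, manifest contents and sample files below are constructed
for this example.
"""
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream the file through SHA-256 so large archives do not sit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Record the hash of every file under root, keyed by POSIX relative path.

    Run this once, at review time, and store the result (ideally signed) with
    the module so later checks compare against the reviewed state.
    """
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_module(root: Path, manifest: dict) -> dict:
    """Compare the current tree against the pinned manifest.

    Returns the three classes of drift a reviewer needs to see before
    delivery: files whose content changed, files that appeared after
    review, and reviewed files that are now gone.
    """
    current = build_manifest(root)
    modified = sorted(
        p for p, h in current.items() if p in manifest and manifest[p] != h
    )
    unknown = sorted(p for p in current if p not in manifest)
    missing = sorted(p for p in manifest if p not in current)
    return {"modified": modified, "unknown": unknown, "missing": missing}


def is_clean(report: dict) -> bool:
    """A module is deliverable only if no class of drift is present."""
    return not any(report.values())


def demo() -> tuple:
    """Constructed walk-through: pin a module, tamper with it, re-verify."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "payment-module"          # constructed module name
        (root / "lib").mkdir(parents=True)
        (root / "lib" / "checkout.js").write_text("export const total = (c) => c.sum;\n")
        (root / "README.md").write_text("Reviewed build\n")

        manifest = build_manifest(root)              # pinned at review time
        clean_report = verify_module(root, manifest)

        # Simulate post-review drift: a reviewed file is altered, a file
        # nobody reviewed appears, and a reviewed file disappears.
        (root / "lib" / "checkout.js").write_text("export const total = (c) => c.sum; // changed\n")
        (root / "lib" / "extra.js").write_text("// not in the reviewed manifest\n")
        (root / "README.md").unlink()
        drift_report = verify_module(root, manifest)
        return clean_report, drift_report


if __name__ == "__main__":
    before, after = demo()
    print("before tampering:", json.dumps(before), "clean:", is_clean(before))
    print("after tampering: ", json.dumps(after), "clean:", is_clean(after))
```

The manifest deliberately covers every file, not only source files: build scripts, lockfiles and packaging metadata are exactly where an injected dependency or post-install hook would appear, so a module that fails `is_clean` should go back to review rather than be delivered.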