Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security

Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security

OWASP Foundation via YouTube Direct link

Using the Threat Model

20 of 23

20 of 23

Using the Threat Model

Class Central Classrooms beta

YouTube videos curated by Class Central.

Classroom Contents

Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security

Automatically move to the next video in the Classroom when playback concludes

  1. 1 Intro
  2. 2 Notable Incidents
  3. 3 Fundamental Disconnect . We have developed tremendous tooling and automation that allows us to create secure, reliable software at a scale not previously considered
  4. 4 Threat Modeling Overview
  5. 5 Confidentiality Impact
  6. 6 Availability Impact
  7. 7 Supporting Infrastructure
  8. 8 The Perimeter is the Problem
  9. 9 Example CI/CD Pipeline Dataflow
  10. 10 Follow a Code Change
  11. 11 General/Overarching Concerns
  12. 12 Source Repository and Workflow Engine
  13. 13 Open Source Component Management
  14. 14 Open Source Backdoor Concerns
  15. 15 Build Management
  16. 16 Security Testing and Backdoors
  17. 17 Software Packaging and Distribution
  18. 18 Software Packaging - Monolithic applications vs. Microservice applications
  19. 19 Software Distribution
  20. 20 Using the Threat Model
  21. 21 Vendor Management
  22. 22 Potential Argument Discussion Points
  23. 23 Questions

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.