Explore the security risks associated with CI/CD pipelines deployed via AWS managed services in this 48-minute conference talk from BruCON Security Conference. Delve into how CodeBuild's functionality can be exploited to bypass existing security controls in the SDLC environment, potentially leading to secret exfiltration, application tampering, and unauthorized command execution. Gain insights into the challenges faced by AWS customers due to the shared responsibility model, and learn why following AWS samples and tutorials may not be sufficient to mitigate these risks. Understand the importance of securing CI/CD pipelines in cloud environments and discover the new considerations that cloud solutions bring to DevSecOps and Cloud communities.
Overview
Syllabus
07 - BruCON 0x0D - The risk of CI/CD pipeline poisoning via CodeBuild - Asier Rivera
Taught by
BruCON Security Conference
Related Courses
-
AWS: CI/CD Pipelines and Deployment Strategies
-
AWS Cloud Complete Bootcamp Course
-
AWS CI-CD Pipeline Tutorial - How to Build CI-CD Pipeline with Amazon Web Services
-
Best Practices for Securing CI - CD Pipeline
-
Best Practices for Securing CI - CD Pipeline
-
Enhancing CI/CD Secrets Security - The 3Rs Approach
