Abuse of Repository Webhooks to Access Hundreds of Internal CI Systems

Explore a novel attack vector in this 34-minute RSA Conference talk that reveals how repository webhooks can be exploited to access internal CI systems. Learn from Omer Gil and Asaf Greenholts, security experts from Prisma Cloud at Palo Alto Networks, as they discuss the vulnerabilities in CI/CD architectures that combine SaaS-based source control management with self-managed CI solutions. Discover how this attack method goes beyond triggering pipelines, potentially compromising hundreds of internal CI systems that are not exposed to the public internet. Gain valuable insights into this security risk and its implications for organizations using such CI/CD setups.