Watch a conference talk from AppSecEU 2015 in Amsterdam where Rory Mccune discusses security challenges in modern software deployment. Explore topics like trust issues with dependencies, repository providers, and cloud services. Learn about potential attack vectors, including pushing malicious code versions and exploiting weak access controls. Examine strategies for improving repository security, such as digital signing and better curation. Gain insights into the risks of open-source libraries and the importance of auditing code. Discover practical tips for securing software deployment processes and mitigating vulnerabilities in the modern development ecosystem.
Security and Modern Software Deployment - AppSec EU 2015
Overview
Syllabus
Intro
Stack Exchange
Software Deployment
Trust
Dependencies
Repository Provider
Cloud Provider
Its All Software
Colonel Bashing
Other options
Attackers viewpoint
Rule 34 of security
Short Con
Get The Code
Root Shell
Choosing A Target
Push A New Version
Access Control
Lack of curation
Lack of digital signing
Linux repositories
Darker files
Profit Chels
Metasploit
Audit The Code
Metasploit Packages
Trusted Repository
Better Repository Security
Update Framework
Long Con
Open Source Libraries
Start Your Own Package Repository
If I Was A Bad Guy
Fixing This
Problem
Module Count
Python
Conclusion
Questions
Taught by
OWASP Foundation
