
Command Injection Vulnerabilities in CI/CD Pipelines - Securing Bazel GitHub Actions

DEFCONConference via YouTube

Overview

Explore critical security vulnerabilities in CI/CD pipelines through this DEF CON 32 conference talk, which demonstrates how command injection in pipeline components can compromise major projects. Learn from a detailed case study of a command injection vulnerability discovered in a GitHub Action of Bazel, a flagship Google project, and see live demonstrations of how attackers can exploit pipeline weaknesses to inject malicious code into widely used repositories. Gain practical knowledge about securing CI/CD pipelines and implementing effective protection strategies to safeguard development projects from similar threats.

Syllabus

DEF CON 32 - Your CI CD Pipeline Is Vulnerable, But It's Not Your Fault - Elad Pticha, Oreen Livni

Taught by

DEFCONConference
