Explore critical security vulnerabilities in CI/CD pipelines through this DEF CON 32 conference talk that demonstrates how command injection in pipeline components can compromise major projects. Learn from a detailed case study of a command injection vulnerability discovered in Bazel GitHub Action, Google's flagship project, and witness live demonstrations showing how attackers can exploit pipeline weaknesses to inject malicious code into widely-used repositories. Gain practical knowledge about securing CI/CD pipelines and implementing effective protection strategies to safeguard development projects from similar security threats.
Command Injection Vulnerabilities in CI/CD Pipelines - Securing Bazel GitHub Actions
Overview
Syllabus
DEF CON 32 - Your CI CD Pipeline Is Vulnerable, But It's Not Your Fault - Elad Pticha, Oreen Livni
Taught by
DEFCONConference
Related Courses
-
CI/CD for Machine Learning
-
AZ-400: Implement CI with Azure Pipelines and GitHub Actions
-
The GitHub Actions Worm - Understanding CI/CD Platform Vulnerabilities
-
Securing CI/CD Pipelines - Exploring Vulnerabilities In Workflows
-
Strengthening Defenses Against CI/CD Security Threats - Understanding and Mitigating Pipeline Vulnerabilities
-
The Dark Playground of CI/CD - Attack Delivery by GitHub Actions
