Explore the critical vulnerabilities in CI/CD pipelines and their potential impact on cloud security in this 39-minute conference talk from BSidesLV. Delve into real-world examples and case studies that highlight the convergence of rapid software delivery and cloud infrastructure, uncovering methods used by malicious actors to compromise cloud environments. Examine various attack vectors, including code injection, dependency hijacking, unauthorized access through over-provisioned keys, runner abuse, and artifact poisoning. Focus on common techniques for exploiting privileges and configurations in GitHub Actions, CircleCI, and Jenkins pipelines, drawing from the presenter's experience with Fortune 500 companies. Gain valuable insights into improving your organization's security posture. The talk is suitable for a broad audience, and no prior in-depth knowledge is required.
Overview
Syllabus
Ground Floor, Wed, Aug 7, 12:30 - Wed, Aug 7, CDT
Taught by
BSidesLV