The Risk of CI - CD Pipeline Poisoning via CodeBuild
Offered By: BruCON Security Conference via YouTube
Course Description
Overview
Explore the security risks associated with CI/CD pipelines deployed via AWS managed services in this 48-minute conference talk from BruCON Security Conference. Delve into how CodeBuild's functionality can be exploited to bypass existing security controls in the SDLC environment, potentially leading to secret exfiltration, application tampering, and unauthorized command execution. Gain insights into the challenges faced by AWS customers due to the shared responsibility model, and learn why following AWS samples and tutorials may not be sufficient to mitigate these risks. Understand the importance of securing CI/CD pipelines in cloud environments and discover the new considerations that cloud solutions bring to DevSecOps and Cloud communities.
Syllabus
07 - BruCON 0x0D - The risk of CI/CD pipeline poisoning via CodeBuild - Asier Rivera
Taught by
BruCON Security Conference
Related Courses
DevOps CI/CD Pipeline: Automation from development to deploymentUniversidad Anáhuac via edX DevOps Pipeline: Automatización hasta el despliegue
Universidad Anáhuac via edX Exploring the Benefits of Continuous Security and Compliance for Cloud Infrastructure
Pluralsight Integrating Incident Response into DevSecOps
Pluralsight DevSecOps: Building a Secure Continuous Delivery Pipeline
LinkedIn Learning