YoVDO

The Risk of CI - CD Pipeline Poisoning via CodeBuild

Offered By: BruCON Security Conference via YouTube

Tags

BruCON Courses Cloud Computing Courses DevSecOps Courses AWS CodeBuild Courses

Course Description

Overview

Explore the security risks associated with CI/CD pipelines deployed via AWS managed services in this 48-minute conference talk from BruCON Security Conference. Delve into how CodeBuild's functionality can be exploited to bypass existing security controls in the SDLC environment, potentially leading to secret exfiltration, application tampering, and unauthorized command execution. Gain insights into the challenges faced by AWS customers due to the shared responsibility model, and learn why following AWS samples and tutorials may not be sufficient to mitigate these risks. Understand the importance of securing CI/CD pipelines in cloud environments and discover the new considerations that cloud solutions bring to DevSecOps and Cloud communities.

Syllabus

07 - BruCON 0x0D - The risk of CI/CD pipeline poisoning via CodeBuild - Asier Rivera


Taught by

BruCON Security Conference

Related Courses

Introduction to AWS CodeBuild
Pluralsight
Building Code with AWS CodeBuild
Pluralsight
Continuous Integration: Tools
LinkedIn Learning
AWS CodePipeline Beginner's Guide
Coursera Project Network via Coursera
Getting Started with DevOps on AWS
Pluralsight