The Risk of CI - CD Pipeline Poisoning via CodeBuild
Offered By: BruCON Security Conference via YouTube
Course Description
Overview
Explore the security risks associated with CI/CD pipelines deployed via AWS managed services in this 48-minute conference talk from BruCON Security Conference. Delve into how CodeBuild's functionality can be exploited to bypass existing security controls in the SDLC environment, potentially leading to secret exfiltration, application tampering, and unauthorized command execution. Gain insights into the challenges faced by AWS customers due to the shared responsibility model, and learn why following AWS samples and tutorials may not be sufficient to mitigate these risks. Understand the importance of securing CI/CD pipelines in cloud environments and discover the new considerations that cloud solutions bring to DevSecOps and Cloud communities.
Syllabus
07 - BruCON 0x0D - The risk of CI/CD pipeline poisoning via CodeBuild - Asier Rivera
Taught by
BruCON Security Conference
Related Courses
Introduction to AWS CodeBuildPluralsight Building Code with AWS CodeBuild
Pluralsight Continuous Integration: Tools
LinkedIn Learning AWS CodePipeline Beginner's Guide
Coursera Project Network via Coursera Getting Started with DevOps on AWS
Pluralsight