YoVDO

Dissecting the 0-Day Supply Chain Vulnerability in Argo CD

Offered By: CNCF [Cloud Native Computing Foundation] via YouTube

Tags

Supply Chain Security Courses Software Development Courses Cybersecurity Courses DevOps Courses Kubernetes Courses Vulnerability Analysis Courses Container Security Courses Cloud-Native Security Courses

Course Description

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore the intricacies of a critical 0-day supply chain vulnerability discovered in Argo CD in this 28-minute conference talk by Moshe Zioni from Apiiro. Delve into the details of CVE-2022-24348, including the attacker's potential methods for bypassing Argo CD's security measures to exploit the vulnerability and access sensitive information. Learn about the research process that led to this discovery, understand the importance of this vulnerability within the ecosystem, and gain insights into effective remediation steps. Follow the speaker's journey from initial research to uncovering security checks, parsing issues, and extended attack scenarios. Conclude with a comprehensive summary of file permissions and key takeaways to enhance your understanding of supply chain security in cloud-native environments.

Syllabus

Introduction
Agenda
Basics
Why
Research Routine
Parsing
Developer Thread
Security Checks
Read the Documentation
Extended Attacks
Remediation
File Permissions
Summary Conclusion
Special Thanks


Taught by

CNCF [Cloud Native Computing Foundation]

Related Courses

Unlocking Information Security II: An Internet Perspective
Tel Aviv University via edX Cybersecurity Capstone: Breach Response Case Studies
IBM via Coursera Complete Ethical Hacking Bootcamp
Udemy Cyber Security Advanced Persistent Threat Defender Preview
Udemy Performing Threat Modeling with the PASTA Methodology
Pluralsight