YoVDO

Enhancing CI/CD Secrets Security - The 3Rs Approach

Offered By: OWASP Foundation via YouTube

Tags

DevSecOps Courses, Amazon Web Services (AWS) Courses, GitHub Courses, CI/CD Courses, Cloud Security Courses, Secrets Management Courses

Course Description

Overview

Explore a comprehensive approach to enhancing CI/CD secrets security in this 49-minute OWASP Foundation talk by Bobby Lin. Learn about the 3Rs principles: Reduce storage of secrets at rest with CI/CD providers, Reduce the number of secrets used in CI/CD workflows, and Reduce the chances of secrets being leaked in source code. Discover practical strategies to implement these principles, including using short-lived secrets, minimizing duplicated permissions, and employing security git hooks. Gain insights into handling client secret leaks in logs and understand the limitations of current SAST secret scanners. While the examples are GitHub and AWS-centric, apply these concepts to various VCS, CI/CD providers, and cloud service platforms to improve your organization's security posture and mitigate risks associated with compromised CI/CD providers.

Syllabus

Enhancing CI/CD Secrets Security: The 3Rs Approach - Bobby Lin


Taught by

OWASP Foundation

Related Courses

DevOps CI/CD Pipeline: Automation from development to deployment
Universidad Anáhuac via edX
DevOps Pipeline: Automatización hasta el despliegue
Universidad Anáhuac via edX
Exploring the Benefits of Continuous Security and Compliance for Cloud Infrastructure
Pluralsight
Integrating Incident Response into DevSecOps
Pluralsight
DevSecOps: Building a Secure Continuous Delivery Pipeline
LinkedIn Learning