YoVDO

Pipeline Pandemonium - Hijacking Cloud Security Through CI/CD Vulnerabilities

Offered By: BSidesLV via YouTube

Tags

Cloud Security Courses DevOps Courses Jenkins Courses GitHub Actions Courses Privilege Escalation Courses CI/CD Pipelines Courses CircleCI Courses Code Injection Courses

Course Description

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore the critical vulnerabilities in CI/CD pipelines and their potential impact on cloud security in this 39-minute conference talk from BSidesLV. Delve into real-world examples and case studies that highlight the convergence of rapid software delivery and cloud infrastructure, uncovering methods used by malicious actors to compromise cloud environments. Examine various attack vectors, including code injection, dependency hijacking, unauthorized access through over-provisioned keys, runner abuse, and artifact poisoning. Focus on common techniques for exploiting privileges and configurations in GitHub actions, CircleCI, and Jenkins pipelines, drawing from the presenter's experience with Fortune 500 companies. Gain valuable insights into improving your organization's security posture, suitable for a broad audience with no prior in-depth knowledge required.

Syllabus

Ground Floor, Wed, Aug 7, 12:30 - Wed, Aug 7, CDT


Taught by

BSidesLV

Related Courses

Startup Engineering
Stanford University via Coursera Developing Scalable Apps in Java
Google via Udacity Cloud Computing Concepts, Part 1
University of Illinois at Urbana-Champaign via Coursera Cloud Networking
University of Illinois at Urbana-Champaign via Coursera Cloud Computing Concepts: Part 2
University of Illinois at Urbana-Champaign via Coursera