YoVDO

Pwning the CI with GitHub Action Workflows - Security Challenges and Exploits

Offered By: CNCF [Cloud Native Computing Foundation] via YouTube

Tags

GitHub Actions Courses Cybersecurity Courses DevOps Courses Social Engineering Courses Continuous Integration Courses Supply Chain Security Courses CI/CD Pipelines Courses GitOps Courses Cloud-Native Security Courses

Course Description

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore the security vulnerabilities in CI platforms and GitHub Action workflows in this 28-minute conference talk from KubeCon + CloudNativeCon Europe 2023. Delve into the challenges posed by open source and GitOps practices, which expose development pipelines to potential threats. Learn how social engineering techniques and insecure GitHub configurations can be exploited by malicious actors. Witness live demonstrations of known abuses in GitHub Actions workflows, highlighting how default settings and poor practices can compromise the security of your supply chain. Gain valuable insights into protecting your CI/CD pipeline from potential attacks and strengthening your overall cybersecurity posture.

Syllabus

Pwning the CI (with GitHub Action Workflows) - Stephen Giguere, Bridgecrew


Taught by

CNCF [Cloud Native Computing Foundation]

Related Courses

Building on Microsoft Sentinel Platform
Microsoft via YouTube Securing Applications and Infrastructure on Kubernetes with Sysdig
Mirantis via YouTube Container Escape in 2021
Hack In The Box Security Conference via YouTube Running at Light Speed - Cloud Native Security Patterns
LASCON via YouTube Controlled Mayhem With Cloud Native Security Pipelines
OWASP Foundation via YouTube