The presentation discusses the security landscape of GitHub Actions and the vulnerabilities that can arise from misconfigurations. It focuses on code injection as the main exploit scenario and on the consequences of such attacks.
- GitHub Actions is a popular CI/CD tool that allows developers to automate development workflows easily
- Misconfigurations in GitHub Actions can lead to potential vulnerabilities
- Code injection is a common exploit that can result from misconfigurations
- The consequences of such attacks can be disastrous, including exposing secrets and allowing attackers to commit malicious code
- Possible mitigations to stop such attacks are explored
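
The summary does not say which misconfiguration the talk demonstrates. As an added example (not code from the presentation), the check below assumes the pattern GitHub's hardening guidance warns about: an untrusted `${{ github.event.* }}` expression expanded directly into a `run:` script. It flags that pattern and accepts the mitigation of passing the value through an environment variable; the function name, context list and sample workflows are constructed for illustration.

```python
import re

# Attacker-controllable contexts (a subset chosen for this example).
UNTRUSTED = re.compile(
    r"\$\{\{\s*(github\.event\.(?:issue|pull_request|comment|review)\.(?:title|body)"
    r"|github\.event\.pull_request\.head\.ref"
    r"|github\.event\.head_commit\.message"
    r"|github\.head_ref)\s*\}\}"
)
RUN_KEY = re.compile(r"^(\s*(?:-\s+)?)run:\s*(.*)$")


def find_injections(workflow_text):
    """Return (line_number, context) for untrusted expressions inside run: scripts."""
    findings = []
    run_col = None  # column of the active `run:` key; None when outside a script
    for number, line in enumerate(workflow_text.splitlines(), start=1):
        key = RUN_KEY.match(line)
        indent = len(line) - len(line.lstrip(" "))
        if key:
            run_col, script = len(key.group(1)), key.group(2)
        elif run_col is not None and (not line.strip() or indent > run_col):
            script = line  # continuation line of a block scalar
        else:
            run_col = None  # an env: value reaches the shell as data, not script text
            continue
        findings += [(number, m.group(1)) for m in UNTRUSTED.finditer(script)]
    return findings


# Constructed sample workflows, not taken from the presentation.
HEADER = """\
on: issues
jobs:
  greet:
    runs-on: ubuntu-latest
    steps:
      - name: Echo title
"""
# Weak: the issue title is pasted into the shell script before it runs.
VULNERABLE = HEADER + """\
        run: |
          echo "New issue: ${{ github.event.issue.title }}"
"""
# Hardened: the title is bound to an environment variable and quoted in the script.
HARDENED = HEADER + """\
        env:
          TITLE: ${{ github.event.issue.title }}
        run: |
          echo "New issue: $TITLE"
"""

if __name__ == "__main__":
    print("vulnerable:", find_injections(VULNERABLE))
    print("hardened:  ", find_injections(HARDENED))
```

The scanner is line-based and only inspects `run:` scripts, so it will not see expressions passed to actions through `with:` inputs.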