Join us for the July 2015 OWASP San Antonio meeting! We will be having a talk about compromising Continuous Integration systems.
Speaker: Greg Anderson
Greg Anderson works for Rackspace where he helps to drive test automation and security.
Title: Is This Your Pipe? Compromising Build and Automation Pipelines
As developers of the web, we rely on tools to automate building code, run tests, and even deploy services. What happens when developers do CI/CD wrong? Credentials get exposed, hijacked, and re-purposed. I'll talk about how often, where, and what happens when people leak public cloud credentials, how some are protecting themselves using encrypted secrets, how to bypass protections against leaking secrets and how to turn someone's Jenkins Install into your own butler. Come hijack credentials out of repositories, steal hidden and encrypted secrets using builds, and hijack infrastructure via continuous integration systems.
Denim Group Offices: 1354 N Loop 1604 E Suite 110, San Antonio, TX 78232