TALK

GitHub Actions: Protecting your CI from attackers

Summary:

This talk plans to demonstrate how GitHub Actions work and show security measures to protect your Actions from misuse by attackers. First, we’ll do a deep dive into the Runners, the servers provided by GitHub to run your Actions, and the risks of using them. Then, we’ll show how attackers can leverage these runners to mine cryptocurrencies, pivot into other targets, and more. Lastly, we’ll demonstrate how to maliciously distribute backdoors into different repositories via the GitHub Actions Marketplace.

Presenter:

Magno Logan

Magno Logan works as an Information Security Specialist for the Trend Micro Cloud and Container Security Research Team. He specializes in Cloud, Container, and Application Security Research, Threat Modelling, Red Teaming, DevSecOps, and Kubernetes Security, among other topics. He has been tapped as a resource speaker for numerous security conferences around the globe, in countries including Canada, the USA, Portugal, and Brazil. He is also the founder of JampaSec and a member of the CNCF Security TAG team.

Sponsors

Security Compass

Global Contributing Corporate Member & Local Event Supporter

BDO Canada

Global Contributing Corporate Member & Local Event Sponsor

Corellium

Local Event Sponsor

Cycode

Local Event Sponsor
