Mathias Tausig @ Vienna DevOps and Security Meetup

September 11, 2024

Mathias Tausig is information security consultant at SBA Research and gave an interesting talk on The monster in your basement: Security risks of CI/CD systems.

Talk Abstract

Continuous Integration and Continuous Delivery systems are omnipresent in today’s development workflows. They help developers to focus more on their actual programming duties by automating repetitive tasks and allow the periodic usage of security tools. But the messy truth is, that in many organizations they are simply taken for granted as yet another development tool instead of being recognized for what they are: a system at the core of your infrastructure with almost unbounded permissions. This talk explains the most common security risks inherent to CI/CD systems based on the “OWASP Top 10 CI/CD Security Risks” list and recounts “war stories” from real world security assessments of CI systems.

Links

Vienna DevOps & Security

Name	SBA Research Cookie
Provider	SBA Research
Purpose	Saves the settings of the visitors selected in the cookie box.
Cookie name	sba-research-cookie
Cookie runtime	1 year

Name	YouTube
Provider	YouTube
Purpose	Used to unblock YouTube content.
Privacy policy	https://policies.google.com/privacy
Host(s)	google.com
Cookie name	NID
Cookie runtime	6 months

Name	Vimeo
Provider	Vimeo
Purpose	Used to unblock Vimeo content.
Privacy policy	https://vimeo.com/privacy
Host(s)	player.vimeo.com
Cookie name	vuid
Cookie runtime	2 years

News