We would like to invite you to BSidesVienna 0x7E8! SBA Research has proudly supported BSidesVienna as a Gold Sponsor for several years. We’re committed to fostering independent security research and collaboration within the cybersecurity community, and BSidesVienna is an excellent platform for advancing these goals.
In addition, our colleague Mathias Tausig, information security consultant at SBA Research, gives a talk on “The monster in your basement: Security risks of CI/CD systems”.
© Marcel Lehner
Abstract
Continuous Integration and Continuous Delivery systems are omnipresent in today’s development workflows. They help developers to focus more on their actual programming duties by automating repetitive tasks and allow the periodic usage of security tools. But the messy truth is that in many organizations they are simply taken for granted as yet another development tool instead of being recognized for what they are: a system at the core of your infrastructure with almost unbounded permissions.
This talk starts by elaborating why we even want and need CI systems in the first place, in order to build up the stage for the inherent security risks. Those are outlined based on the new “OWASP Top 10 CI/CD Security Risks” list and augmented by recounting “war stories” from real-world security assessments and breaches of CI systems. Finally, a live demonstration shows how easily an attacker can gain access to your build infrastructure via a malicious container image.
Content warning: You might be a lot more nervous about your dev environment when you return to work on Monday.
Come and meet us at BSidesVienna! Let’s connect, share ideas, and talk about the latest in cybersecurity. See you there!
About the Conference
BSides is a global series of community-organized events that foster independent security research, education, and collaboration within the cybersecurity community. Unlike commercial conferences, BSides events have a more relaxed, meetup-like atmosphere, focusing on open dialogue, networking, and exchanging perspectives. They feature engaging talks, workshops, and the famous “hallway track,” where participants can connect with old friends, meet new people, and share insights. BSidesVienna aims to contribute to the global spread of these events and provide valuable input to the information security community.