Mathias Tausig is information security consultant at SBA Research gives an interesting talk on The monster in your basement: Security risks of CI/CD systems.
Talk Abstract
Continuous Integration and Continuous Delivery systems are omnipresent in today’s development workflows. They help developers to focus more on their actual programming duties by automating repetitive tasks and allow the periodic usage of security tools. But the messy truth is, that in many organizations they are simply taken for granted as yet another development tool instead of being recognized for what they are: a system at the core of your infrastructure with almost unbounded permissions. This talk explains the most common security risks inherent to CI/CD systems based on the “OWASP Top 10 CI/CD Security Risks” list and recounts “war stories” from real world security assessments of CI systems.
Mathias graduated in mathematics. Holistic perspective on computers: former developer, sysadmin, security officer, university teacher and even computer salesman. Now a security consultant specializing in application security. Open source lover