Top Ways to Abuse CI/CD and Reach Production

Logo
Presented by

Omer Gil, Sr Manager Research, Prisma Cloud by Palo Alto Networks

About this talk

As organizations reduce their attack surfaces with tooling and best practices, bad actors are looking for new attack vectors so they can reach mission-critical systems. One increasingly popular attack vector involves targeting the software delivery process itself by abusing CI/CD pipelines to execute attacks such as malicious code injection. When you build and iterate on your CI/CD security strategy, it’s important to get inside the mind of an attacker who’s looking to gain access to your systems. So how do bad actors think about CI/CD pipeline-based attack paths? Tune in to this webinar and learn from our CI/CD security expert, Omer Gil, as he walks through: • The most common type of CI/CD-based attack — poisoned pipeline execution (PPE) • How bad actors can bypass required pull request (PR) reviews • Why bad actors prefer PPE attacks over traditional attack paths • And more!

Related topics:

More from this channel

Upcoming talks (5)
On-demand talks (884)
Subscribers (61519)
CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and latest research. Learn more at cloudsecurityalliance.org. Join the Cloud Security Alliance on LinkedIn and follow us on twitter: @cloudsa