Mapping CI/CD Attack Surfaces • Darren Richardson • GOTO 2023

This presentation was recorded at GOTO Copenhagen 2023. #GOTOcon #GOTOcph https://gotocph.com Darren Richardson - Cloud Security Architect at Eficode & Security Nerd RESOURCES https://www.linkedin.com/in/greatbushybeard ABSTRACT An in-depth look at attack vector mapping in actual CI/CD systems, diving into problem areas, common tripping points and blind-spots, and giving actionable insights, tools and strategies, before ending on a look to the future of CI/CD ecosystems and where they'll advance with regards to reducing attack surfaces. [...] TIMECODES 00:00 Intro 01:57 What is CI/CD? 03:39 What is an attack surface? 08:28 Examples 10:14 Application of attack surface mapping 28:05 The rest 35:32 The real threat 37:45 The future 39:27 Outro Read the full abstract here: https://gotocph.com/2023/sessions/2928 RECOMMENDED BOOKS David Farley • Continuous Delivery Pipelines • https://leanpub.com/cd-pipelines Dave Farley & Jez Humble • Continuous Delivery • https://amzn.to/3ocIHwd David Farley • Modern Software Engineering • https://amzn.to/3GI468M Aaron Parecki • OAuth 2.0 Simplified • https://amzn.to/2A3IMOf Aaron Parecki • OAuth 2.0 Servers • https://amzn.to/3ecHEsz https://twitter.com/GOTOcon https://www.linkedin.com/company/goto- https://www.instagram.com/goto_con https://www.facebook.com/GOTOConferences #ContinuousDelivery #CD #CICD #BDD #DevOps #Testing #StateOfDevOps #AttackSurfaceMapping #Cybersecurity #DarrenRichardson Looking for a unique learning experience? Attend the next GOTO conference near you! Get your ticket at https://gotopia.tech Sign up for updates and specials at https://gotopia.tech/newsletter SUBSCRIBE TO OUR CHANNEL - new videos posted almost daily. https://www.youtube.com/user/GotoConferences/?sub_confirmation=1