Speakers
Synopsis
Are your DevOps practices truly secure? Think your CI/CD is impenetrable? Curious about the vulnerabilities lurking in your development and deployment processes that you might have overlooked? What if an attacker could turn your own tools against you, compromising your entire organisational pipeline and delivery chain?
This presentation explores the often-underestimated vulnerabilities within DevOps environments, demonstrating how attackers can exploit unsecured CI/CD processes to gain the highest-privilege access and compromise the entire development chain. Through real-world scenarios, practical insights, and activities, attendees will explore attack vectors on DevOps pipelines, including leaked secrets, token abuse, and misconfigurations in pipeline-as-code, such as code injection. Watch how these techniques can be leveraged across popular development and deployment platforms, leading to a full compromise of the supply chain. The session concludes with strategies to reduce risks and strengthen DevOps security, ensuring your pipeline is a development tool, not a target for attackers.