From commit to compromise: How attackers exploit DevOps pipeline

Thursday 28 November, 1:50 pm - 2:30 pm

Speakers

Adela Ramadhina

Offensive Cyber Security Consultant
Irradiate Security

Synopsis

Are your DevOps practices truly secure? Think your CI/CD is impenetrable? Curious about the vulnerabilities lurking in your development and deployment processes that you might have overlooked? What if an attacker could turn your own tools against you, compromising your entire organisational pipeline and delivery chain?

This presentation explores the often-underestimated vulnerabilities within DevOps environments, demonstrating how attackers can exploit unsecured CI/CD processes to gain highest-privilege access and compromise the entire development chain. Through live demonstrations, attendees will explore a range of attack vectors - from compromising build servers and exploiting misconfigurations in container registries to injecting malicious code into dependencies. Watch how these techniques can be leveraged across popular development and deployment platforms, leading to a full compromise of the supply chain. The session concludes with strategies to reduce risks and strengthen DevOps security, ensuring your pipeline is a development tool, not a target for attackers.

Acknowledgement of Country

We acknowledge the traditional owners and custodians of country throughout Australia and acknowledge their continuing connection to land, waters and community. We pay our respects to the people, the cultures and the elders past, present and emerging.