Sign up to save your podcasts
Or
Share ASW #220 - Daniel Krivelevich
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
ASW #220 - Daniel Krivelevich
CosMiss in Azure, $70k bounty for a Pixel Lock Screen bypass, finding path traversal with Raspberry Pi-based emulators, NSA guidance on moving to memory safe languages, implementing phishing-resistant MFA, egress filtering, and how to approach code reviews
Cider Security’s recently published research of the Top 10 CI/CD Security Risks acts to identify vulnerabilities to help defenders focus on areas to secure their CI/CD ecosystem. They created a free learning tool with a deliberately vulnerable environment to demonstrate these flaws -- “CI/CD Goat”. Like similar tools, this helps appsec and devops teams gain a better understanding of major CI/CD security risks and, importantly, their appropriate countermeasures.
Segment Resources:
- https://www.cidersecurity.io/top-10-cicd-security-risks/
- https://github.com/cider-security-research/top-10-cicd-security-risks
- https://www.cidersecurity.io/blog/research/ci-cd-goat/
- https://github.com/cider-security-research/cicd-goat
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw220
View all episodes
By Security Weekly Productions
4.9
1111 ratings
CosMiss in Azure, $70k bounty for a Pixel Lock Screen bypass, finding path traversal with Raspberry Pi-based emulators, NSA guidance on moving to memory safe languages, implementing phishing-resistant MFA, egress filtering, and how to approach code reviews
Cider Security’s recently published research of the Top 10 CI/CD Security Risks acts to identify vulnerabilities to help defenders focus on areas to secure their CI/CD ecosystem. They created a free learning tool with a deliberately vulnerable environment to demonstrate these flaws -- “CI/CD Goat”. Like similar tools, this helps appsec and devops teams gain a better understanding of major CI/CD security risks and, importantly, their appropriate countermeasures.
Segment Resources:
- https://www.cidersecurity.io/top-10-cicd-security-risks/
- https://github.com/cider-security-research/top-10-cicd-security-risks
- https://www.cidersecurity.io/blog/research/ci-cd-goat/
- https://github.com/cider-security-research/cicd-goat
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw220
More shows like Application Security Weekly (Audio)
View all
Marketplace Tech
1,272 Listeners
Security Now (Audio)
1,983 Listeners
Marketplace
8,671 Listeners
Risky Business
365 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
636 Listeners
Motley Fool Money
3,195 Listeners
AWS Podcast
202 Listeners
Business Security Weekly (Audio)
3 Listeners
Paul's Security Weekly (Audio)
16 Listeners
Click Here
415 Listeners
Darknet Diaries
7,913 Listeners
Defense in Depth
74 Listeners
Think Fast Talk Smart: Communication Techniques
799 Listeners
All-In with Chamath, Jason, Sacks & Friedberg
9,207 Listeners
Risky Bulletin
43 Listeners