all InfoSec news
GF - Actions have consequences: The overlooked Security Risks in 3rd party GitHub Actions
Oct. 25, 2023, 9:50 p.m. | BSidesLV
BSidesLV www.youtube.com
After reviewing the build logs of public CI pipelines, I noticed security issues related to permissions and build integrity. To investigate the extent of the problem, I analyzed the build logs of the top 2,000 starred repositories on GitHub, and the results surprised even me. In this talk, I will share my findings on the prevalence of the world’s most popular repositories that fail to manage their build permissions. Such failure can lead to severe consequences, …
actions build consequences github github actions integrity logs party permissions pipelines problem public repositories results risks security security issues security risks
More from www.youtube.com / BSidesLV
GF - Open Source GitOps for Detection Engineering
6 months, 1 week ago |
www.youtube.com
GT - Playing Games with Cybercriminals
6 months, 1 week ago |
www.youtube.com
BG - And Together We Crossed the River…
6 months, 1 week ago |
www.youtube.com
CG - Conti Leaks and CARVER Analysis for Threat Intel Analysts
6 months, 1 week ago |
www.youtube.com
PW - Could Passwordless be Worse than Passwords?
6 months, 1 week ago |
www.youtube.com
Jobs in InfoSec / Cybersecurity
Security Operations Program Manager
@ Microsoft | Redmond, Washington, United States
Sr. Network Security engineer
@ NXP Semiconductors | Bengaluru (Nagavara)
DevSecOps Engineer
@ RP Pro Services | Washington, District of Columbia, United States
Consultant RSSI H/F
@ Hifield | Sèvres, France
TW Senior Test Automation Engineer (Access Control & Intrusion Systems)
@ Bosch Group | Taipei, Taiwan
Cyber Security, Senior Manager
@ Triton AI Pte Ltd | Singapore, Singapore, Singapore