all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Vulnerabilities and Misconfigurations in GitHub Actions - Rojan Rijal

Add to bookmarks
July 18, 2023, 4:24 p.m. | fwd:cloudsec

fwd:cloudsec www.youtube.com

GitHub Actions has helped companies automate their CI/CD pipeline with ease by directly integrating with their code sources. This ease however can come with pain when various vulnerabilities arise due to misconfigurations, code vulnerabilities and supply-chain attack vectors.

This talk will cover three different vulnerability types in GitHub Actions. We’ll go over basic code execution examples due to unsanitized user inputs, and two unique vulnerabilities seen by us. The first vulnerability will cover a supply chain attack by exploiting vulnerable …

actions attack attack vectors cd pipeline code code vulnerabilities companies github github actions misconfigurations pipeline supply types vulnerabilities vulnerability

Visit resource

More from www.youtube.com / fwd:cloudsec

How Citi Advanced Their Containment Capabilities Through Automation - Damien Burks, Elvis Veliz 9 months, 1 week ago | www.youtube.com
advanced automation automation and orchestration aws +19
Google Cloud Threat Detection: A Study in Google Cloud - Day Johnson 9 months, 1 week ago | www.youtube.com
cloud detection finger google +7
Vulnerabilities and Misconfigurations in GitHub Actions - Rojan Rijal 9 months, 1 week ago | www.youtube.com
actions attack attack vectors cd pipeline +11
It's Just a Name, Right - Nathan Eades 9 months, 1 week ago | www.youtube.com
access attack aws cloud +17
AWS Presigned URLs The Good, The Bad, and The Ugly - Jarom Brown 9 months, 1 week ago | www.youtube.com
access actions attack attackers +13
Success Criteria for your CSPM - David White 9 months, 1 week ago | www.youtube.com
check claim cspm environment +6
Beyond the AWS Security Maturity Roadmap - Rami McCarthy 9 months, 1 week ago | www.youtube.com
aws beyond build cloud +11
Welcome - Aaron Zollman 9 months, 1 week ago | www.youtube.com
aaron conference expect
fwd:cloudsec State of the Union - Scott Piper 9 months, 1 week ago | www.youtube.com
cloud cloud security conference drive +9

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Open-Source Intelligence (OSINT) Policy Analyst (TS/SCI)

@ WWC Global | Reston, Virginia, United States
View on infosec-jobs.com

Security Architect (DevSecOps)

@ EUROPEAN DYNAMICS | Brussels, Brussels, Belgium
View on infosec-jobs.com

Infrastructure Security Architect

@ Ørsted | Kuala Lumpur, MY
View on infosec-jobs.com

Contract Penetration Tester

@ Evolve Security | United States - Remote
View on infosec-jobs.com

Senior Penetration Tester

@ DigitalOcean | Canada
View on infosec-jobs.com
View more jobs