SilverLining Episode 54: Threats on CI/CD pipeline

Episode 54 September 21, 2022 00:31:04
SilverLining Episode 54: Threats on CI/CD pipeline
SilverLining IL
SilverLining Episode 54: Threats on CI/CD pipeline
/

Hosted By

Moshe Ferber Ariel Munafo

Show Notes

Guest: Guy Flechter

Guest Title: CEO & Co-Founder at Cider Security

Topic: Threats on CI/CD pipeline 

Language: English

 

Abstract

The main attraction point in cloud for most organizations is the ability to produce scalable and resilient applications - faster. One of the main foundations for that is the ability to create CI/CD pipelines that will automate the integration of new code to old code and the deployment of the code to the various testing and production environments. But as organizations continue to adopt CI/CD - there is an increasing number of attacks on the pipelines.

In this episode we spoke with Guy Flechter, Co-founder and CEO at Cider Security - on CI/CD relevant threats and risks and incidents that happened in the past and things we can learn from them.

Other Episodes

Episode 28

November 11, 2020 00:29:02
Episode Cover

Episode 28: Analyzing Cloud Attack Vectors - SaaS Marketplaces and Office 365 BEC

Attendees Guest: Ofer Maor Guest title: Co-Founder & CTO  Company: Mitiga Abstract The recent increase of cloud based attacks gives us an opportunity to examine new attack vectors and how attackers exploit new services. In this episode we talked with Ofer Maor, Co-Founder at Mitiga, about new attack vectors in cloud computing and how attackers exploit new services such as marketplaces, community repos and other examples. Timing: 0:00 Introducing our guest and Mitiga 3:32 Preparing for cloud incident response  7:15 Cloud attack vector - malicious AMI 11:00 More attack vectors on marketplaces 13:18 Github attack vectors 18:15 attack vector - Business email compromise on 365 25:44 how to mitigate cloud incidents 27:58 Summary and last words ...

Listen

Episode 42

October 06, 2021 00:19:48
Episode Cover

SilverLining Episode 42: How to mature devsecops operations

Guest: Hemi Gur-Ary  Guest Title: Co-Founder & CEO at VATA Abstract:  Various organizations around the world are struggling to build & mature their devsecops operations. DSOM (Devsecops Maturity Model) is an OWASP project designed to help organizations plan and prioritize their devsecops strategies. In this episode, Hemi Gur-Ary, co-founder at VATA and senior devsecops consultant, shares his insights about DSOM and how organizations can use it for reshaping their devsecops practices.   ...

Listen

Episode 48

March 16, 2022 00:37:12
Episode Cover

SilverLining Episode 48: Deep dive into Confidential computing

Guest: Yan Michalevsky Guest title:  Co-Founder and CTO at Anjuna Language: English   Abstract Confidential computing is one of the more interesting technologies that is developed today. The combination of using secure hardware features, advanced cryptography with tight virtualization integration enables us to protect data at untrusted environments and protect from very illusive threats such as government access and malicious insiders. In this episode we spoke with Yan Michalevsky, Co-Founder and CTO at Anjuna, regarding confidential computing and why we should pay attention to it. ...

Listen