Overview
Explore critical vulnerabilities in open source software build pipelines through this comprehensive security conference talk that reveals how overlooked attack vectors in the software supply chain can be systematically discovered and exploited. Learn about a novel data analysis infrastructure designed to identify zero-day vulnerabilities in major OSS projects, including real-world discoveries in Terraform providers and modules, AWS Helm Charts, and popular GitHub Actions. Examine a detailed attack tree specifically developed for GitHub Actions pipelines that provides deeper analysis than existing research, complete with comprehensive attack scenarios and corresponding mitigation strategies. Discover the innovative "Living Off the Pipeline" (LOTP) reference framework, a unique resource designed to help both Red and Blue teams prioritize high-risk scenarios in their security assessments. Gain insights from practical security research that bridges the gap between theoretical supply chain security concepts and actionable vulnerability discovery techniques, presented by a senior product security engineer with extensive experience in application security and secure system design across both startup and enterprise environments.
Syllabus
Alexis-Maurer Fortin - Under the Radar: How we found 0-days in the Build Pipeline of OSS Packages
Taught by
LASCON