Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Command Injection Vulnerabilities in CI/CD Pipelines - Securing Bazel GitHub Actions

DEFCONConference via YouTube

Start learning Write review
CodeSignal Ad

2,000+ Free Courses with Certificates: Coding, AI, SQL, and More

Learn More → Boot.dev Ad

The Fastest Way to Become a Backend Developer Online

Learn More →

Overview

Google, IBM & Meta Certificates — All 10,000+ Courses at 40% Off
One annual plan covers every course and certificate on Coursera. 40% off for a limited time.
Get Full Access
Explore critical security vulnerabilities in CI/CD pipelines through this DEF CON 32 conference talk that demonstrates how command injection in pipeline components can compromise major projects. Learn from a detailed case study of a command injection vulnerability discovered in Bazel GitHub Action, Google's flagship project, and witness live demonstrations showing how attackers can exploit pipeline weaknesses to inject malicious code into widely-used repositories. Gain practical knowledge about securing CI/CD pipelines and implementing effective protection strategies to safeguard development projects from similar security threats.

Syllabus

DEF CON 32 - Your CI CD Pipeline Is Vulnerable, But It's Not Your Fault - Elad Pticha, Oreen Livni

Taught by

DEFCONConference

Reviews

Start your review of Command Injection Vulnerabilities in CI/CD Pipelines - Securing Bazel GitHub Actions

Start learning

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Sign up for free
Someone learning on their laptop while sitting on the floor.