Overview
Explore a 30-minute conference talk from NorthSec that delves deep into the often-overlooked vulnerabilities within open source package build pipelines. Learn how researchers developed sophisticated data analysis infrastructure to uncover 0-day vulnerabilities in major OSS projects, including Terraform providers, AWS Helm Charts, and GitHub Actions. Gain valuable insights through a comprehensive attack tree analysis of GitHub Actions pipelines, understanding both potential attack vectors and essential mitigations. Discover a novel 'Living Off the Pipeline' (LOTP) components reference designed to help Red and Blue teams identify and prioritize high-risk scenarios. Presented by Benoît Côte-Jodoin, a Senior Product Security Engineer at BoostSecurity and former CTF player, alongside François Proulx, who leads the Supply Chain research team at BoostSecurity and brings over a decade of AppSec program development experience from both large corporations and startups.
Syllabus
NSEC2024 - Benoit Cote-Jodoin & François Proulx - Under the Radar: 0-days in the Build Pipeline
Taught by
NorthSec