Explore critical security vulnerabilities in CI/CD platforms through this 36-minute Black Hat conference talk, which examines failures in isolation mechanisms and their severe consequences. Discover how inadequate isolation in popular CI/CD servers creates pathways to remote code execution (RCE) and privacy breaches, moving beyond surface-level functionality audits to in-depth analysis of application mechanisms. Learn about four distinct attack techniques identified through comprehensive research on isolation mechanisms, including real-world vulnerabilities found in well-known applications such as Atlassian Bamboo and GoCD.

Understand the crucial role isolation plays throughout the CI/CD workflow, from agent-server separation to file system and user data isolation, and examine how failures in these mechanisms expose organizations to significant security risk. Gain insight into exploitation methodologies that apply across multiple CI/CD platforms, analyze workflow vulnerabilities that affect user and enterprise privacy, and understand why many CI/CD platforms have historically deprioritized isolation in their functionality designs.

Presented by security researchers Tian Zhou, Yiwen Wang, and Xiu Zhang, this technical presentation provides actionable intelligence for security professionals working to secure CI/CD infrastructure and demonstrates the importance of proper isolation in preventing sensitive information leaks and system compromise.