Cider Security’s recently published research of the Top 10 CI/CD Security Risks acts to identify vulnerabilities to help defenders focus on areas to secure their CI/CD ecosystem. They created a free learning tool with a deliberately vulnerable environment to demonstrate these flaws -- “CI/CD Goat”. Like similar tools, this helps appsec and devops teams gain a better understanding of major CI/CD security risks and, importantly, their appropriate countermeasures. Segment Resources: - https://www.cidersecurity.io/top-10-cicd-security-risks/ - https://github.com/cider-security-research/top-10-cicd-security-risks - https://www.cidersecurity.io/blog/research/ci-cd-goat/ - https://github.com/cider-security-research/cicd-goat Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw220
Released:
Nov 15, 2022
Format:
Podcast episode
Titles in the series (100)
Application Security Weekly decrypts development for the Security Professional - exploring how to inject security into their organization’s Software Development Lifecycle (SDLC) in a fluid and transparent way; Learn the tools, techniques, and processes necessary to move at the speed of DevOps (even if you aren’t a DevOps shop yet). The target audience for Application Security Weekly spans the gamut of Security Engineers and Practitioners that need to level-up their skills in the Application Security space - as well as enabling “Cyber Curious” developers to get involved in the Application Security process at their organizations. To a lesser extent, we hope to arm Security Managers and Executives with the knowledge to be conversational in the realm of DevOps - and to provide the right questions to ask their colleagues in development, along with the metrics to think critically about the answers they receive.
