44CON 2019 has ended
Wednesday, September 11 • 19:15 - 19:45
Continuous Integration / Continuous Bounties: Attacking development pipelines for actual profit

CI/CD pipelines are the perfect, bug-rich target for new and experienced bug hunters. As complex, user-controlled automated processes with access to authentication secrets, source code, and application servers in multi-system, multi-user environments, they combine all the things that make bugs likely. In the presentation, I will outline a methodology for hunting for bugs in CI/CD pipelines and walk through actual bugs which have resulted in tens of thousands of dollars in bounty payments.


Wednesday September 11, 2019 19:15 - 19:45 BST
Village Hall