44CON 2019 has ended
Wednesday, September 11 • 19:15 - 19:45
Continuous Integration / Continuous Bounties: Attacking development pipelines for actual profit

CI/CD pipelines are the perfect, bug-rich target for new and experienced bug hunters. As complex, user-controlled automated processes with access to authentication secrets, source code, and application servers in multi-system, multi-user environments, they combine all the things that make bugs likely. In the presentation, I will outline a methodology for hunting for bugs in CI/CD pipelines and walk through actual bugs which have resulted in tens of thousands of dollars in bounty payments.


Wednesday September 11, 2019 19:15 - 19:45
Village Hall
