Abstract:
A cautionary tale for those who deploy to AWS using GitHub. This talk (using live hacking demos) demonstrates how easy it can be for a malicious open source collaborator to abuse default settings and a lack of enabled security best practices within GitHub to gain access to the pipeline, the code and potentially the destination (AWS).
Bio:
I am enjoying life as a Developer Advocate with Bridgecrew (by Palo Alto) specialising in Cloud and Infrastructure Security Automation.
Prior to this I was a Solution Architect for StackRox and Aqua Security specialising in container and Kubernetes security and also previously spent several years at Synopsys establishing DevSecOps best practices for enterprise CI/CD pipelines.