The most important iron rule when using cloud platforms, SaaS platforms, and CI/CD platforms is the Principle of Least Privilege (PoLP). We always assume that by granting the minimum set of privileges, we can ensure the security of the system. But is this really the case? This session presents an intriguing case study in which misuse of the GitHub Actions API led to privilege escalation, hijacking of the CI/CD pipeline, and tampering with the repository. In this instance, even though the developers strictly followed the official documentation's recommended settings for every permission, in line with the Principle of Least Privilege, the result was still an exploitable vulnerability that compromised the website.
TOPIC / TRACK
DevSecOps Forum
LOCATION
Taipei Nangang Exhibition Center, Hall 2
7F 701C
LEVEL
Intermediate
Intermediate sessions focus on cybersecurity architecture, tools, and practical applications, ideal for professionals with a basic understanding of cybersecurity.
SESSION TYPE
Breakout Session
LANGUAGE
Chinese
SUBTOPIC
API Security
DevSecOps
Red Team