Locking Down GitFlow with GitHub, GitLab, and Azure DevOps смотреть онлайн

Part 1 of 3 in the Cloud Security and DevSecOps webcast series.

As cloud, security, and operations teams move to DevOps workflows, understanding GitFlow and how to harden version control systems is critical. In this webcast, SEC540 author and instructor will demonstrate how a GitLab version control misconfiguration can allow a CI/CD pipeline to be compromised and result in malware being deployed to the build server. We will then review the security controls available in the GitHub, GitLab, and Azure DevOps version control systems which could have prevented the attack.

Part 2 with Ben Allen, Setting the Gold Standard - Using CI pipelines to create validated OS images: https://youtu.be/H5F--yJzUDc

Part 3 with Frank Kim, Cloud Static Analysis Showdown: https://youtu.be/0YnUyYP5RZM

This series supports SANS SEC540: Cloud Security and DevSecOps Automation course, https://www.sans.org/cyber-security-courses/cloud-security-devsecops-automation/

FREE Cloud Security Resources: www.sans.org/cloud-security and www.sans.org/free

Speaker Bio
Eric Johnson (@emjohn20)
Eric is a Co-founder and Principal Security Engineer at Puma Security and a Senior Instructor with the SANS Institute. His experience includes cloud security assessments, cloud infrastructure automation, static source code analysis, web and mobile application penetration testing, secure development lifecycle consulting, and secure code review assessments. Eric is the lead author and an instructor for SEC540: Cloud Security and DevOps Automation, a co-author and instructor for both the brand new SEC510: Public Cloud Security: AWS, Azure, and GCP, and the upcoming SEC584: Cloud Native Security: Defending Containers & Kubernetes. Additionally, Eric is a SANS Security Awareness Developer Training Advisory Board Member and SANS Analyst for Application Security and DevSecOps Surveys. Read more about Eric at https://www.sans.org/profiles/eric-johnson/