This talk was presented at SOURCE Boston 2013 and THOTCON 0x4. I talk about some basic development processes, my perspectives as an open-source contributor, and how hosted (cloud-based) CI/CD services make my life so much easier. I also take a look at some different attack vectors to consider on CI/CD deployments in general and what the potential impacts could be if they were leveraged successfully. Lastly, I announce a soon-to-be-released tool that I developed to help test CI/CD servers for security weaknesses.
Recorded Presentation - https://www.youtube.com/watch?v=i5REko2mYBk&feature=c4-overview&list=UUbIJ5eQhfXgdGwEqDs3F86A
Demo #1 - https://vimeo.com/65071592 (Pop a Reverse Shell using Continuous Integration)
Demo #2 - https://vimeo.com/65071593 (Make an Unauthorized Commit to Master using Continuous Integration)
RottenApple - https://github.com/claudijd/rotten_apple
Blog Post - http://blog.spiderlabs.com/2013/05/securing-continuous-integration-services.html