Application Security WeeklySubscribe
Application security, DevSecOps

The Top 10 CI/CD Security Risks and CI/CD Goat – Daniel Krivelevich – ASW #220

Cider Security’s recently published research of the Top 10 CI/CD Security Risks acts to identify vulnerabilities to help defenders focus on areas to secure their CI/CD ecosystem. They created a free learning tool with a deliberately vulnerable environment to demonstrate these flaws -- “CI/CD Goat”. Like similar tools, this helps appsec and devops teams gain a better understanding of major CI/CD security risks and, importantly, their appropriate countermeasures.

Segment Resources:

Full episode and show notes

Announcements

  • Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.

Guest

CTO and Co-founder at Cider Security

Daniel Krivelevich is a veteran cybersecurity industry expert and problem solver with over 13 years of enterprise security experience. He has a proven track record working with 100+ enterprises across multiple industries, with a strong orientation to application and cloud security. Having led application and cloud security at Sygnia for nearly four years, Daniel is passionate about finding and developing the right technologies and processes to secure organizations, with a focus on identifying and protecting ‘crown jewels’ and key assets to stay ahead of the threat landscape.

Hosts

Tech Lead at Block
Senior Engineering Leader at AWS

Related

AI fixes everything, C++ the actual worst, IAM is hard – ASW #308

This week, in the Application Security News, we dismiss magical thinking and discuss what generative AI will actually be able to do for us. We also discuss whether Secure by Design's goals are practical or not. OSC&R releases a report on software supply chain that should be interesting, though neither of us had time to read it yet. Also, Wat...