Your message has been sent

You can find the message in your personal profile at "My messages".

An error occured

Please try again.

Make an appointment with

So that you can make an appointment, the calendar will open in a new tab on the personal profile of your contact person.

Create an onsite appointment with

So that you can make an onsite appointment, the appointment request will open in a new tab.

Make onsite appointment

Forums it-sa Expo Knowledge Forum A

WALLSEC - Your partner for secure software CI / CD Build Pipelines

Join us to discuss the importance of CI/CD Build Pipelines, their challenges, and tips to enhance security in software development!

Buy trade fair ticket

You can register for this action soon.

You can register for the digital action soon.

Please come back at the scheduled date and time.

The action is currently live. Please scroll down to watch.

This action is only available onsite: Forums it-sa Expo

Add action to bookmarks and download as iCal

Join now

Note: If you continue, the contact data you provided during registration may be transmitted to the respective provider in accordance with our General Terms and Conditions.

Please log in or register in advance so that you can take part in actions or watch the action videos!

This action has already taken place. This action will soon be available as a video.

This action has already taken place. Please scroll down to watch the video.

This action has already taken place. Please login or register to watch the video.

This action has already taken place. It's not available any more.

You are in!

Your ticket / access to the action was sent to you by email.

There is a problem with the action at the moment. Please come back later or contact support.

calendar_today Wed, 23.10.2024, 16:00 - 16:15

event_available On site

place Forum, Booth 6-215

Action Video

south_east

Action description

south_east

Speaker

south_east

Themes

Education and training Awareness / Phishing / Fraud Cloud Security

Key Facts

CI/CD pipelines
Top 3 security measures

Organizer

WALLSEC GmbH

Event

This action is part of the event Forums it-sa Expo

Action Video

Action description

WALLSEC is an IT security consulting company specialising in penetration testing, security audits, CI/CD pipeline security, vulnerability management, security policy as a service and as code, SOC, SIEM, and forensics consulting.

One of our key focus areas is the security of software CI/CD Build Pipelines. In collaboration with our clients, we offer:

- Threat modelling based on CI / CD pipeline architecture
- Security Workshops with build system operation teams
- Technical reviews and audits
- Penetration tests from various perspectives:
-- Outsider attacker
-- Compromised internal user
-- Compromised developer user

We have identified three crucial security measures for securing a CI/CD pipeline:

1. Secrets Management
- Implement the least privilege principle to minimize the impact of compromises.
- Ensure secure handling of authorizations to code, builds, secrets, and infrastructure.

2. Cross-Build and Tenant Isolation
- Recognize that build jobs inherently execute possibly untrusted code.
- Segregate build jobs and personnel across PROD, QA, and DEV jobs and environments.

3. Secure Operation
- Maintain robust asset management, access management, patch management, network filtering, and configuration hardening.

By focusing on these key areas, we ensure the security and integrity of the CI/CD pipelines. Join our talk to learn more about safeguarding your build pipelines and enhancing your security posture! ... read more