Securing Your Web Application Pipeline From Intruders





28 January 2021



During the life cycle of a project, it can be easy to build a CI/CD pipeline with just speed and resources in mind. This also makes it easy to leave the security of your pipeline as an afterthought because of how tedious it can be to build a pipeline to begin with. In this talk, we'll look into the different ways an intruder can compromise your pipeline and how you can build in security as you create and update your pipelines.

Some things we will consider include how easy it would be for an intruder to get your environment variables, how well defined your permissions are, and whether there are any third-party services or bugs that could be exploited. We'll look at a comparison of a few CI/CD tools and how you can handle these concerns in their respective ecosystems. By the end of this talk, you should feel comfortable doing a quick pipeline security audit and fixing some security concerns in multiple CI/CD products.

Speaker1: Milecia McGregor

Milecia is a senior software engineer who has worked with JavaScript, Angular, React, Node, PHP, Python, .NET, SQL, AWS, Heroku, Azure, and many other tools to build web apps. She also has a master's degree in mechanical and aerospace engineering and has published research in machine learning and robotics. She started Flipped Coding in 2017 to help people learn web development with real-world projects, and she publishes articles covering all aspects of software in several publications, including freeCodeCamp. She also travels around the world speaking at tech conferences about various software engineering topics, ranging from machine learning and PWAs to managing a career in tech.

Speaker2: Rajalakshmi Srinivasan

Rajalakshmi Srinivasan, or Raji as she’s fondly called, is a director of product management at Zoho Corp. In her 20-year journey with the company, she has gained extensive experience ranging from database scaling and network monitoring to application performance tracking and end-user-experience management. She currently leads the application performance monitoring section in Site24x7, a cloud-based all-in-one monitoring product from Zoho Corp.

She has an engineering degree in Computer Science from the College of Engineering, Guindy (CEG), Chennai. She is a fitness freak. When she is not working, you can spot her running marathons, participating in clean-up drives, and traveling with her 3 little ones. She can be reached on LinkedIn and Twitter.