Anniek van der Peijl
Anniek is a security tester and general devsecops nerd.
Session
10-30
11:00
60min
Azure DevOps privilege escalation: Pipeline shenanigans
Anniek van der Peijl
CI/CD pipelines are the standard way of deploying not just applications but infrastructure as well. To do all that, they usually have some juicy privileges. Privileges that I want.
In this talk we're going to have a look at Azure DevOps pipelines, their permission settings, and all the ways in which you think you may have secured your pipeline that actually aren't watertight. With live demos (fingers crossed!) to show every problem and every fix.
Talks
Main Stage