Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Presentation Proposal: DevSecOps takeaways from Hacking into Google's Network for $133,337 #1053

Merged
merged 1 commit into from
Mar 30, 2021
Merged

Presentation Proposal: DevSecOps takeaways from Hacking into Google's Network for $133,337 #1053

merged 1 commit into from
Mar 30, 2021

Conversation

ayubatif
Copy link

Members

Ayub Atif (aatif@kth.se)
GitHub: ayubatif

Topic

I want to use the report for a potential Remote Code Execution attack in Google Cloud Deployment Manager in May 2020 to give an overview of Google Cloud Deployment, the security vulnerabilities observed, and the approach to finding such a bug. I follow this up with key takeaways relevant to the DevSecOps concept. The source is Hacking into Google's Network for $133,337 by Ezequiel Pereira, which I followed up on from a comment by @monperrus on the Devops and Security issue #18.

See outline for more detail.

Outline

  • What is Google Cloud Deployment Manager?
  • Short reminder of the DevSecOps concept.
  • What sort of approach is taken to find the vulnerabilties? (multiple options via audience interaction)
  • Where were the actual vulnerabilities?
  • Relating the vulnerabilities to other DevOps platforms you may work on.
  • Challenges and compromises in your DevSecOps solutions.
  • Takeaway introduction to bug bounty programs.

The contents may be altered to fit the strict presentation timeframe, but the core content should remain.

@Deee92 Deee92 self-assigned this Mar 30, 2021
@Deee92 Deee92 added the presentation One of the task categories listed in README.md label Mar 30, 2021
@Deee92
Copy link
Collaborator

Deee92 commented Mar 30, 2021

Interesting, merging and looking forward to it!

@Deee92 Deee92 merged commit 4e91b44 into KTH:2021 Mar 30, 2021
@monperrus
Copy link
Member

monperrus commented Mar 30, 2021 via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@Deee92 Deee92

Labels
presentation One of the task categories listed in README.md
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ayubatif @Deee92 @monperrus