Advent of Cyber 2023 : [Day 20 Walkthrough]

[Day 20] DevSecOps Advent of Frostlings

Advent of Cyber (2023). To check out the room, click here.

Learning Objectives

• Learn about poisoned pipeline execution.
• Understand how to secure CI/CD pipelines.
• Get an introduction to secure software development lifecycles (SSDLC) & DevSecOps.
• Learn about CI/CD best practices.

Poisoned Pipeline Execution: Unveiling the Threat

Discover the intricacies of poisoned pipeline execution, a sophisticated attack vector in CI/CD pipelines. Understand how threat actors compromise the Software Development Lifecycle (SDLC) stages by injecting malicious code during the testing phase. Explore the ramifications of such attacks and learn the critical steps in detecting and mitigating these threats to ensure the integrity of your development processes.

Securing CI/CD Pipelines: A Comprehensive Approach

Delve into the essential strategies for securing CI/CD pipelines, the backbone of modern software development. Explore methods to establish robust access controls, enforce secure coding practices, and integrate automated security checks. Learn how to fortify your pipelines against unauthorized access, code injections, and other cyber threats, ensuring the resilience and reliability of your development workflows.

Introduction to Secure Software Development Lifecycles (SSDLC) & DevSecOps

Embark on a journey into Secure Software Development Lifecycles (SSDLC) and the evolving realm of DevSecOps. Understand the fundamental principles behind incorporating security into every phase of the development process. Explore how DevSecOps extends DevOps practices, emphasizing collaboration, automation, and a proactive security mindset. Gain insights into fostering a culture of security awareness within your development teams.

CI/CD Best Practices: Optimizing Development Workflows

Acquire a comprehensive understanding of CI/CD best practices to optimize your software development workflows. Explore the principles of continuous integration and continuous deployment, emphasizing frequent code integration, automated testing, and secure deployment processes. Learn how to implement efficient version control, leverage containerization, and integrate security checks seamlessly. Elevate your development practices by incorporating industry-proven best practices for agile and secure CI/CD pipelines.

WALKTHROUGH

Q#1: What is the handle of the developer responsible for the merge changes?

Answer: @badsecops

Q#2: What port is the defaced calendar site server running on?

Answer: 9081

Q#3: What server is the malicious server running on?

Answer: Apache

Q#4: What message did the Frostlings leave on the defaced site?

Answer: FROSTLINGS RULE

Q#5: What is the commit ID of the original code for the Advent Calendar site?

Answer: 986b7407

Conclusion

In the realm of software development, safeguarding against emerging threats is pivotal. Our exploration covered the nuances of poisoned pipeline execution, the imperative of securing CI/CD pipelines, and the transformative journey towards DevSecOps. Embracing Secure Software Development Lifecycles (SSDLC) and implementing CI/CD best practices emerged as essential measures.I hope you found the walkthrough exciting.
For Day 21, click here.