Marine du Mesnil
Head of CyberSecurity Tribe and Tech Lead @Theodo
Paris, France
Actions
Marine du Mesnil is particularly interested in computer security and is involved in the Theodo Security Guild to help developers create compliant products by training them and helping them fix flaws in their projects.
She follows the OWASP publications and is interested in access control, which has become the main cause of website vulnerabilities and is ranked in the Top 1 of the new OWASP Top 10. She works on automation to increase security and reduce mental charge for developers.
Links
Area of Expertise
Topics
CI / CD: Correct Implementation or Continuous Deceptionenfr
Robbed secrets, code leaks, RCE (Remote Code Execution), ... are a few consequences of an insecure or badly configured CI. However, CI / CDs are often out of scope in pentests, and no one is responsible for securing them.
CI / CDs improved our code best practices, including security, and ways to enforce them by adding automated tools and standards in teams. However, they are part of the attack surface and must be secured, patched and verified with the same precautions as the code. Some default configurations are even dangerous and need to be changed!
In this talk, you'll discover how injections can be made in CI / CDs, how to extract secrets or execute scrips and the best ways to secure your pipelines.
Marine du Mesnil
Head of CyberSecurity Tribe and Tech Lead @Theodo
Paris, France
Links
Actions
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.
Jump to top