Session
Without a Trace: Supply Chain Attacks in the Terraform Registry
LIVE DEMO of a supply chain attack.
Terraform currently has the largest market share of the IaC tools, used to manage billions of dollars of enterprise infrastructure. The Terraform Registry allows engineers to use community modules in their configurations.
What few users know is that the Registry has a major security hole, allowing module authors to insert malicious code without the end user being aware. Come to this talk to learn about supply chain attacks and watch Kyle steal his own enterprise credentials through a module on the Terraform Registry. Guaranteed, you will never use it again.
Requires reliable internet during the talk.
Target audience: cloud infrastructure engineers / DevOps.
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.
Jump to top