Red vs Blue: Best Practices for Jenkins Credentials Management
CyberArk Labs published a research series on Jenkins credentials management to educate organizations about potential security risks and to share recommended mitigations and best practices for ensuring both security and DevOps velocity.
Jenkins is an open source automation server used to accelerate the software delivery process. Widely considered the de facto standard in open source continuous integration tools, the server effectively acts as the DevOps engine, addressing everything from source code management to delivering code to production.
In this session, we demonstrate common attack techniques via red and blue team tactics and share measures organizations can take to secure secrets and, ultimately, protect enterprise assets from common attacks.
Nimrod Stoler, cyber researcher