SECurity FUNdamentals

An Anatomy of a DevOps Tool Chain Attack

Alex Dow

Businesses are building their digital transformation strategies around in-house development and embracing the DevOps philosophy and associated tooling. However, DevOps tooling is commonly insecure by default, misconfigured, and reliant on the open-source community to keep things up to date and secure. While cyber security folks are catching up with how to secure the Cloud and web apps, few are realizing the growing attack surface from within and the consequences when a fox gets into the DevOps hen house. This talk will discuss the evolution of attack surfaces and security testing, call out the new attack surface no one else is talking about, and then walk the audience through a real-world penetration test of a large software company’s development infrastructure.