4–7 Nov 2019
Andi Sieferlinger

Andi Sieferlinger
Cloud Platform Engineer, Scout24

Website

Andreas Sieferlinger is a cloud platform engineer at Scout24, where he works on building CI/CD systems. He focuses on simplifying workflows by making it easy to follow best practices. Previously, he worked on designing scalable AWS architectures for video streaming and developer tooling to simplify cloud migrations. Aside from IT, he spends most of his time in Boy Scout-ing, outdoor activities, and fiddling around with synthesizers. You can find him on Twitter as @webratz.

Sessions

13:2514:05 Wednesday, 6 November 2019
Location: R2
The deputy shot the sheriff: Privilege escalation in build pipelines
Building Secure Systems
Andi Sieferlinger (Scout24)
Average rating: *****
(5.00, 1 rating)
Build pipelines are commonly used in the industry to build and roll out changes to cloud accounts. Typically, wide permissions are granted to those systems, making them an interesting attack vector. Take a look with Andreas Sieferlinger at typical vulnerabilities and examine the case of the confused deputy—a trusted third-party party—and how these vulnerabilities can be mitigated in real-life. Read more.
  • Oracle Cloud Infrastructure
  • Cloudflare
  • JFrog
  • Akamas
  • Aqua Security Software
  • Fastly
  • Google
  • Instana
  • JetBrains
  • LaunchDarkly
  • LightStep
  • OVHcloud
  • SignalFx
  • VictorOps
  • Wayfair
  • Blameless
  • Chronosphere
  • FusionReactor
  • humanitec
  • replex GmbH
  • StackState
  • Datadog
  • GitLab
  • Gremlin
  • StormForger
  • SysEleven GmgH
  • Vamp.io
Become a sponsor

Contact us

confreg@oreilly.com

For conference registration information and customer service

partners@oreilly.com

For more information on community discounts and trade opportunities with O’Reilly conferences

velocity@oreilly.com

For information on exhibiting or sponsoring a conference

pr@oreilly.com

For media/analyst press inquires