securitylab.github.com/research
Keeping your GitHub Actions and workflows secure Part 3: How to trust your building blocks
Jaroslav Lobacevski
This post is the third and final in a series of posts about GitHub Actions security. Part 1, Part 2 In previous blog posts, we discussed possible mistakes and abuse patterns that could lead to the compromise of your GitHub repository. This time, I’ll discuss sometimes less obvious — whose

Fail2exploit: a security audit of Fail2ban
Kevin Backhouse
Security audits don’t always produce interesting results. As a member of GitHub Security Lab, my job is to help improve the security of open source software by finding and reporting vulnerabilities. On this occasion, I audited the open source project Fail2ban and I struck out: I didn’t find any issues worth reporting. From my perspective a

Keeping your GitHub Actions and workflows secure Part 2: Untrusted input
Jaroslav Lobacevski
This post is the second in a series of posts about GitHub Actions security. Part 1, Part 3 We previously discussed the misuse of the pull_request_target trigger within GitHub Actions and workflows. In this follow-up piece, we will discuss possible avenues of abuse that may result in code and command inject

Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests
Jaroslav Lobacevski
This post is the first in a series of posts about GitHub Actions security. Part 2, Part 3 In this article, we’ll discuss some common security malpractices for GitHub Actions and workflows, and how to best avoid them. Our examples are based on real-world GitHub workflow implementation vulnerabilitie

How to get root on Ubuntu 20.04 by pretending nobody’s /home
Kevin Backhouse
I am a fan of Ubuntu, so I would like to help make it as secure as possible. I have recently spent quite a bit of time looking for security vulnerabilities in Ubuntu’s system services, and it has mostly been an exercise in frustration. I have found (and reported) a few issues, but the majority have been low severity. Ubun