Continuous integration tools can be the Achilles heel for a company's IT security

Discussion in 'Network World' started by RSS, Nov 13, 2015.

  1. RSS

    Some of the most popular automated software building and testing tools used by developers have not been designed with security in mind and can open the door for attackers to compromise enterprise networks.

    These so-called continuous integration (CI) tools allow developers to automatically create software builds when code changes are contributed by developers to a central repository. The creation of these builds, which are used for quality control, is coordinated by a CI master server based on predefined rules and done on CI slave machines.

    If hackers manage to access a CI master server, they can steal proprietary source code, but also gain the ability to execute commands on all the machines that operate as CI slaves, security researcher and penetration tester Nikhil Mittal said Friday in a presentation at the Black Hat Europe security conference in Amsterdam. "This access could be used for lateral movement to get access to more machines."
