A few months ago I posted a high-level overview of some source code repository tampering risks.
The other day I presented a much deeper dive at BSides DC, with examples of multiple ways to manipulate CVS, Git, and Subversion repositories, and some thoughts on how companies and code-hosting sites could/should harden their infrastructures.
Watch the presentation, or download the slides. (PDF warning)
Watch for future blog posts that extract and expand upon some of those examples.
Thanks to the BSidesDC folks for a great conference, and to ComputeCycle for the recordings!
Comments are closed for this story.
|Please contact us if you would like more information about our services, tools, or careers with us.|