GIT Your Secrets - Isak van der Walt | 0xCON 2023

  • Published 9 Sep 2024
  • The talk covers three primary aspects:
    - A technical overview of how the git version control tool works.
    - Some inherent and typical security issues related to git.
    - Prevention and resolution of the previously demonstrated issues.
    This talk does not contain any "new" research but rather just a full presentation of the git internals, the known inherent vulnerabilities and their resolution - all of which have been previously documented.
    The first section aims to provide an overview for people not familiar with git, before diving into the building-block tools, the so-called "plumbing", that git uses to perform its version control. This serves to provide a better understanding of the vulnerabilities as well as of how to better utilize git.
    The second section covers inherent vulnerabilities such as lack of author validation and secrets in version control histories, some of which will be accompanied by a basic demonstration. This also provides a baseline for what to look for from a defender's perspective.
    Finally, the preventative measures and resolutions will be covered to address the aforementioned issues. Some simple measures, in addition to knowledge of the vulnerabilities, can vastly reduce most of the surface area and risk associated with the covered vulnerabilities.
