English (United Kingdom)

https://curated-unify.zendy.io/wp-json/zendy-region/v1/featured_content/oa?rat=en

https://curated-unify.zendy.io/wp-json/zendy-region/v1/highlighted_journal/

Global: Zendy Plus annual

Presents the access of premium content as premium feature

Premium Content

Presents the keyphrase highlighting as premium feature

Keyphrase Highlighting

Presents the summarisation as premium feature

Summarisation

Insights

Presents the pdf analysis as premium feature

PDF Analysis

Presents the zaia usage as premium feature

ZAIA

Global: Zendy Plus monthly

Global: Zendy Tools annual

Global: Zendy Tools monthly

Global: Zendy Free Plan

Companies are misled into thinking they solve their security issues by usinga DevSecOps system. This paper aims to answer the question: Could a DevOpspipeline be misused to transform a securely developed application into aninsecure one? To answer the question, we designed a typical DevOps pipelineutilizing Kubernetes (K8s} as a case study environment and analyzed theapplicable threats. Then, we developed four attack scenarios against the casestudy environment: maliciously abusing the user's privilege of deployingcontainers within the K8s cluster, abusing the Jenkins instance to modify filesduring the continuous integration, delivery, and deployment systems (CI/CD)build phase, modifying the K8s DNS layer to expose an internal IP to externaltraffic, and elevating privileges from an account with create, read, update,and delete (CRUD) privileges to root privileges. The attacks answer theresearch question positively: companies should design and use a secure DevOpspipeline and not expect that using a DevSecOps environment alone is sufficientto deliver secure software.

Making Secure Software Insecure without Changing Its Code: The Possibilities and Impacts of Attacks on the DevOps Pipeline