Day 20
DevSecOps Advent of Frostlings
Learning Objectives
Learn about poisoned pipeline execution.
Understand how to secure CI/CD pipelines.
Get an introduction to secure software development lifecycles (SSDLC) & DevSecOps.
Learn about CI/CD best practices.
This room is again a very straightforward one with all commands and instructions already given. We just need to follow along and run them.
What is the handle of the developer responsible for the merge changes?
[REDACTED]
This can be found under merge requests
What port is the defaced calendar site server running on?
[REDACTED]
This can be found after looking at the docker command run in the config file
What server is the malicious server running on?
[REDACTED]
This can be found after looking at the docker command run in the config file
What message did the Frostlings leave on the defaced site?
[REDACTED]
This can be found upon visiting the defaced website
What is the commit ID of the original code for the Advent Calendar site?
[REDACTED]
Look at the last known commit by a good actor and you will find the commit ID
Last updated
Was this helpful?