DevOps, Threat modeling

Binary Planting, GitLab, and DevOps Pipelines – ASW #89

December 16, 2019



Binary Planting with the npm CLI is another way to describe one of our favorite attacks, GitLab Doles Out Half a Million Bucks to White Hats, Speculation & leakage: Timing side channels & multi-tenant computing from AWS re:invent. A great talk from a the perspective of a threat model where such attacks are a critical part of the threat model, How can we integrate security into the DevOps pipelines? By picking from many of the great resources in this article, Go passwordless to strengthen security and reduce costs -- and design your app to support these types of workflows, including account recovery.

Visit for all the latest episodes!

Full Episode Show Notes

To learn more about our sponsors visit: The Security Weekly Sponsor's Page

Binary Planting, GitLab, and DevOps Pipelines

Bugs, Breaches, and More!
If you build it, they will come
Learning & Tools
Food for Thought


[caption id="attachment_210" align="alignleft" width="120"]John Kinsella John Kinsella - Vice President of Container Security[/caption] [caption id="attachment_210" align="alignleft" width="120"]Matt Alderman Matt Alderman - CEO[/caption] [caption id="attachment_210" align="alignleft" width="120"]Mike Shema Mike Shema - Product Security Lead[/caption]


[caption id="attachment_210" align="alignleft" width="120"]Dave Ferguson Dave Ferguson - Director of Product Management, WAS[/caption]


  • We have exciting news about the Security Weekly webcast program: We are now partnered with (ISC)2 as an official CPE provider! If you attend any of our webcasts, you will be receiving 1 CPE credit per webcast! Register for one of our upcoming webcast with Zane Lackey of Signal Sciences, Ian McShane from Endgame, or Stephen Smith and Jeff Braucher of LogRhythm (or all 3!) by going to If you have missed any of our previously recorded webcasts, you can find our on-demand library at

[audio src=""]

prestitial ad