Penetration Testing Guidelines for CI/CD pipelines

Project overview:

  • Goal: Research common vulnerabilities in CI/CD pipelines and develop a testing guideline.
  • Location: Amsterdam / Eindhoven / Remote
  • Timeframe: 3-6 months
  • Starting: February 2023
  • Complexity: Medium / High
  • Team: Security Specialists
  • Supervisor: Roy Stultiens

As a student, you have:

Education:

  • An HBO or WO level of education in the relevant domain.


Technical skills:

  • Experience with version control (git);
  • Experience with CI/CD (e.g. Azure DevOps, Jenkins, GitHub Actions, etc.).


Soft skills:

  • The ability to work well in an international team environment;
  • Good communication skills;
  • Organized;
  • Clear documentation writing skills.


The project you will be working on:

Organizations use CI/CD pipelines for rapid deployment of applications. Secura performs penetration tests on these services for various clients, and these tests often lead to a privilege escalation from developer to administrator.
In this project you will research common vulnerabilities, misconfigurations and privilege escalation paths within popular CI/CD pipelines and software (Azure DevOps, Jenkins, etc.).

Within the project you will set up different pipelines (or focus on one, depending on the timeframe) and create a penetration testing guideline for our consultants. This guideline will then be used by your Secura colleagues during assessments.

Contact us

We would like to receive your CV and motivation letter by mail via jobs@secura.com.
