BEGIN:VCALENDAR
VERSION:2.0
PRODID:Data::ICal 0.24
BEGIN:VEVENT
DESCRIPTION:   'Title: Arsenal: Introducing RAVEN - Discovering and Analyzi
 ng CI/CD\n   Vulnerabilities in Scale\n   When: Friday\, Aug 9\, 15:00 - 1
 5:59 PDT\n   Where: LVCC West/Floor 2/W228-W230/W228-W230-ASV Arsenal 2 - 
 [1]Map\n\n   Description:\n\n   As the adoption of CI/CD practices continu
 es to grow\, securing these\n   pipelines has become increasingly importan
 t. However\, identifying\n   vulnerabilities in CI/CD pipelines can be dau
 nting\, especially at\n   scale. In this talk\, we present our tooling\, w
 hich we intend to\n   release as open-source software to the public that h
 elped us uncover\n   hundreds of vulnerabilities in popular open-source pr
 ojects' CI/CD\n   pipelines.\n\n   RAVEN (Risk Analysis and Vulnerability 
 Enumeration for CI/CD) is a\n   powerful security tool designed to perform
  massive scans for GitHub\n   Actions CI workflows and digest the discover
 ed data into a Neo4j\n   database. With RAVEN\, we were able to identify a
 nd address potential\n   security vulnerabilities in some of the most popu
 lar repositories\n   hosted on GitHub\, including FreeCodeCamp\, Fluent UI
  by Microsoft\, and\n   much more. This tool provides a reliable and scala
 ble solution for\n   security analysis\, enabling users to query the datab
 ase and gain\n   insights about their codebase's security posture\n\n   Sp
 eakers:Elad Pticha\,Oreen Livni\n\n   SpeakerBio:  Elad Pticha\n\n   Elad 
 is a passionate security researcher with a focus on software\n   supplyÂ c
 hainÂ and web application security. He dedicates his time to\n   writing s
 ecurity research tools and finding vulnerabilities across a\n   broad spec
 trum\, from open-source projects and web applications to IoT\n   devices a
 ndÂ pretty muchÂ anything with an IP address.\n\n   SpeakerBio:  Oreen Liv
 ni\n\n   Oreen Livni is a passionate security researcher specializing in\n
    application and supply chain security\, Domain\, and networking. With a
 \n   focus on software supply chain vulnerabilities. Alongside his\n   pro
 fessional commitments\, he immerses himself in art\, gardening\, and\n   t
 he world of surfing\, always seeking new experiences. With an\n   unwaveri
 ng commitment to staying updated on the latest security\n   trends\, he em
 braces new challenges and strives to make a difference in\n   the cybersec
 urity landscape.\n\n   '\n\n   1. #LVCCW_Level2_North\n\n\n
DTEND:20240809T225900Z
DTSTART:20240809T220000Z
LOCATION:APV - LVCC West/Floor 2/W228-W230/W228-W230-ASV Arsenal 2
SUMMARY:Arsenal: Introducing RAVEN - Discovering and Analyzing CI/CD Vulner
 abilities in Scale
END:VEVENT
END:VCALENDAR