Axoloth

Summary

This web page provides a walkthrough for the "Intro to Pipeline Automation" room on TryHackMe, covering topics such as DevOps pipelines, source code and version control, dependency management, automated testing, continuous integration and delivery, and environments.

Abstract

The web page titled "TryHackMe | Intro to Pipeline Automation | WriteUp" is a guide for users to learn about pipeline automation and its security implications. The page covers various topics related to DevOps pipelines, including source code and version control, dependency management, automated testing, continuous integration and delivery, and environments. The guide is structured as a series of tasks, each with a question and answer format, to help users understand the concepts and apply them in practice. The page also includes links to external resources and a YouTube video for further learning.

TryHackMe | Intro to Pipeline Automation | WriteUp

This room provides an introduction to DevOps pipeline automation and the potential security concerns.

Find the room here: https://tryhackme.com/room/introtopipelineautomation

Task 1 Introduction

Humans are always looking for simpler and more efficient ways to do things. Just as we started programming and developing software, we were looking for ways to automate some of the tasks. Today, automation is heavily ingrained in the Software Development Life Cycle (SDLC) and DevOps processes. While this is incredibly good for production, allowing for faster development and deployment, it does, however, introduce new security risks. When these processes are manual, an attacker would have to compromise the credentials or workstation of the individual that performed the relevant process. However, with automation, an attacker can now go after the pipeline itself.

I’m ready to learn about pipeline automation and how to make sure it is secure!

No answer needed

Task 2 DevOps Pipelines Explained

Where in the pipeline is our end product deployed?

Environments

Task 3 Source Code and Version Control

Who is the largest online provider of Git?

Github

What popular Git product is used to host your own Git server?

Gitlab

What tool can be used to scan the commits of a repo for sensitive information?

GittyLeaks

Task 4 Dependency Management

What do we call the type of dependency that was created by our organisation? (Internal/External)

Internal

What type of dependency is JQuery? (Internal/External)

External

What is the name of Python’s public dependency repo?

PyPi

What dependency 0day vulnerability set the world ablaze in 2021?

Log4j

Task 5 Automated Testing

What type of tool scans code to look for potential vulnerabilities?

SAST

What type of tool runs code and injects test cases to look for potential vulnerabilities?

DAST

Can SAST and DAST be used as a replacement for penetration tests? (Yea, Nay)

Nay

Task 6 Continuous Integration and Delivery

What does CI in CI/CD stand for?

Continuous Integration

What does CD in CI/CD stand for?

Continuous Delivery

What do we call the build infrastructure element that controls all builds?

Build Orchestrator

What do we call the build infrastructure element that performs the build?

Build Agent

Task 7 Environments

Which environment usually has the weakest security configuration?

DEV

Which environment is used to test the application?

UAT

Which environment is similar to PROD but is used to verify that everything is working before it is pushed to PROD?

PrePROD

What is a common class of vulnerabilities that is discovered in PROD due to insecure code creeping in from DEV?

Developer Bypasses

Task 8 Challenge

What is the flag received after successfully building your pipeline?

THM{Pipeline.Automation.Is.Fun}

Task 9 Conclusion

I understand the basic pipeline structure, and I’m ready to do a deep dive into each element!

No answer needed
