
Hacked by a branch name, ouch!

• Blog posts are my own thoughts and opinions

Whatever you do, do not attend any reasonably decent security course like the <a href='https://tryhackme.com'>TryHackMe</a> folk run. You will not sleep for a week afterwards. Makes you read everything. For example,

I just saw some best practice guidance notes from GitHub showing an example of how even the branch name of a pull request can PWN your system

...if you tried to be clever and write some code to check the branch name.
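
To make that concrete, here is an added example that is not from this post or copied from GitHub's documentation. It assumes the guidance in question is the GitHub Actions hardening advice on script injection, and shows a branch-name check written the weak way beside the corrected one. The workflow name, job names and the `release/` rule are hypothetical.

```yaml
# Added example (constructed). Workflow name, job names and the "release/"
# naming rule are hypothetical; github.head_ref is the pull request's
# source branch name, which the contributor chooses.
name: branch-name-check
on: pull_request

permissions:
  contents: read   # least privilege for a job that only inspects metadata

jobs:
  # WEAK: the expression is expanded into the script text before the shell
  # starts, so the contributor-chosen branch name is parsed as shell code.
  check-weak:
    runs-on: ubuntu-latest
    steps:
      - name: Check branch name (vulnerable pattern)
        run: |
          if [[ "${{ github.head_ref }}" == release/* ]]; then
            echo "release branch"
          fi

  # HARDENED: the branch name reaches the script only as the value of an
  # environment variable, so the shell treats it as data, never as code.
  check-hardened:
    runs-on: ubuntu-latest
    steps:
      - name: Check branch name (safe pattern)
        env:
          BRANCH: ${{ github.head_ref }}
        run: |
          case "$BRANCH" in
            release/*) echo "release branch" ;;
            *)         echo "not a release branch" ;;
          esac
```

When reviewing existing workflows, any `${{ ... }}` expression that appears inside a `run:` script and carries contributor-controlled text is the pattern to look for.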

#security #devops (I'll put the link to the GitHub documentation where this is discussed in the comments below)

#security #training #courses #tryhackme


Disclaimer: These views and opinions are those of the author and do not constitute professional advice. Neither Alan Hemmings nor Goblinfactory Ltd (if mentioned) shall be liable for any reliance on this content.