Binary Planting, GitLab, and DevOps Pipelines – ASW #89



In this episode:

  • Binary Planting with the npm CLI, another way to describe one of our favorite attacks.
  • GitLab Doles Out Half a Million Bucks to White Hats.
  • Speculation & leakage: Timing side channels & multi-tenant computing, from AWS re:Invent. A great talk from the perspective of a threat model where such attacks are a critical part.
  • How can we integrate security into the DevOps pipelines? By picking from many of the great resources in this article.
  • Go passwordless to strengthen security and reduce costs, and design your app to support these types of workflows, including account recovery.


Full Episode Show Notes


Binary Planting, GitLab, and DevOps Pipelines

Bugs, Breaches, and More!
If you build it, they will come
Learning & Tools
Food for Thought


John Kinsella – Vice President of Container Security
Matt Alderman – CEO
Mike Shema – Product Security Lead


Dave Ferguson – Director of Product Management, WAS


  • We have exciting news about the Security Weekly webcast program: We are now partnered with (ISC)2 as an official CPE provider! If you attend any of our webcasts, you will receive 1 CPE credit per webcast! Register for one of our upcoming webcasts with Zane Lackey of Signal Sciences, Ian McShane from Endgame, or Stephen Smith and Jeff Braucher of LogRhythm (or all 3!) by going to If you have missed any of our previously recorded webcasts, you can find our on-demand library at