Build servers are typically not top-of-the-list for environments that security teams choose to monitor and secure. The perception is that they do not actually hold sensitive data like a production environment would. However, in reality, they have unique access and functionality that makes them a common target for attackers
Threat Stack VP of Product, Chris Ford, will walk through the impact of a build system breach. This example will highlight how the attacker leveraged a build server to wage an insidious attack that has a larger blast radius than a similar attack targeting a production environment directly.