iPad Air w/ Smart Keyboard, Surface Go, or $300 Off with OnDemand Training


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Hacking Jenkins

  • Monday, April 20, 2020 at 1:00 PM EDT (2020-04-20 17:00:00 UTC)
  • Ross Young

You can now attend the webcast using your mobile device!



Jenkins is used by over 15 million developers and is one of the most common automation tools for DevOps environments. This tool allows developers to automate the deployment of infrastructure as code. With this great power comes a great responsibility to protect an organization against cyber risks including credential theft, reverse shells, cryptominers, and botnets. Come learn how to attack and defend Jenkins. By the end of this webcast you will understand:

  • How Jenkins works and is used
  • Jenkins vulnerabilities and attacks
  • Why attackers want to target Jenkins
  • Three types of attacks that could occur against your Jenkins Infrastructure
  • Security features/configurations you should consider to protect Jenkins

Speaker Bio

Ross Young

Ross Young is a director of information security at Capital One, a lecturer at Johns Hopkins University, and a SANS instructor. His expertise ranges from attacking financial services for the federal government to defending organizations by automating defenses in DevSecOps pipelines. He is actively involved in all things container and Kubernetes security. Ross holds master's and bachelor's degrees from Johns Hopkins University, Idaho State University, and Utah State University. Ross's interest in pirates and ninjas have inspired him to stealthily improve security without the paperwork.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.