Harish Poornachander

Harish Poornachander, White Knight Labs

Harish Poornachander is an accomplished information security professional with expertise in application security, cloud security, and CI/CD pipeline security. He is the lead developer of the course on Attacking and Securing CI/CD Pipelines, where he provides hands-on insights into identifying and mitigating vulnerabilities in CI/CD pipelines.

With extensive experience in bug bounty programs, Harish has contributed to both sides of the ecosystem, serving as a skilled researcher and an efficient triager. He has reported CI/CD vulnerabilities and misconfigurations to major organizations, including Microsoft, Google, Apache, GitHub, and others.

Harish has earned Microsoft's Most Valuable Researcher (MVR) 24 badge and was part of the Synack Red Team (SRT) at the 0x03 level. He is currently a member of the Yogosha Strike Force and holds the OSWE certification.


Training: Attacking & Securing CI/CD Pipeline Course

The "Attacking and Securing CI/CD Pipelines" course is a dynamic, hands-on training program designed to equip participants with the skills to identify, exploit, and mitigate vulnerabilities within Continuous Integration and Continuous Deployment environments. As CI/CD pipelines form the backbone of modern software development, their security is paramount. This self-paced course blends theoretical insights with practical, real-world labs to create an immersive learning experience.

Participants will explore critical security concepts, including hijacking techniques, artifact poisoning, branch protection misconfiguration bypasses, and OIDC misconfigurations. The course also emphasizes countermeasures and best practices for securing pipelines across popular platforms like GitHub Actions, AWS CodeBuild, CircleCI, and Azure DevOps. By the end of the program, learners will have the expertise to both attack and secure CI/CD environments effectively.

Designed for DevSecOps professionals, penetration testers, red team operators, and security engineers, the course provides a flexible and comprehensive approach to CI/CD security. Whether you're securing pipelines or simulating attacks, this course offers a robust foundation in CI/CD security.