With the increasing amount of data stored in the cloud and the rise of SaaS applications, securing these platforms is crucial, especially for organizations with a large number of engineers. While CI/CD platforms are central to development workflows, they are not the only applications that demand robust security measures. This workshop is designed to help you secure your SaaS applications using Zero Trust principles, ensuring that only authorized users can access sensitive resources, regardless of the application.

We will focus on securing Source Code Repositories and CI/CD pipelines, but the strategies discussed are applicable to any SaaS application. CI/CD platforms like CircleCI, GitLab, Jenkins, and GitHub Actions are widely used for source code management and DevOps automation. However, their pivotal role also makes them prime targets for cyber threats, with common vulnerabilities including exposed APIs, misconfigured permissions, and insecure access controls.

Zero Trust Network Access (ZTNA) offers a robust solution for securing applications by ensuring point-to-point connectivity with no open ports, minimizing exposure and protecting development environments. In this workshop, Bren will explore the core concepts of Zero Trust, focusing on securing GitLab. You'll learn how to implement ZTNA, apply granular security controls, and continuously assess your security landscape to safeguard against evolving cybersecurity threats.