PowerShell Summit 2025 - Stop Writing Insecure PowerShell... Seriously. by Rob Pleau

Writing secure PowerShell doesn't need to be hard! There are tools available that will immediately aid you in securing your PowerShell code that come at no cost.

What we'll cover:

A review of the in-box rules in PSScriptAnalyzer related to security.
We'll look at how we can extend PSScriptAnalyzer rules with PowerShell InjectionHunter.
How to create a custom PSScriptAnalyzer rule to cover something that might not exist yet.
Wiring these up to a Github Actions workflow so we can not only run locally but in our CI/CD pipeline as well.
Using Microsoft.PowerShell.SecretManagement to keep sensitive API keys/tokens and passwords out of your code.
Lastly, trust what you use. Are you pulling in a dependency? Things to look for when reviewing external code dependencies.

Writing more secure code is a time investment that is much cheaper than a breach. Use these tools to start writing secure PowerShell code today!
PowerShell Summit videos are recorded by our friends at Confreaks.

Our recordings are made in a way that minimizes overhead for our speakers and interruptions to our live audience. These recordings are meant to preserve the presentations' information for posterity, and are not intended to be a substitute for attending the Summit in person. These recordings are not intended as professional video training products. We hope you find these videos useful.

Follow Confreaks 👇
https://confreaks.com
https://confreaks.bsky.social
https://x.com/confreaks

Видео PowerShell Summit 2025 - Stop Writing Insecure PowerShell... Seriously. by Rob Pleau канала Confreaks