I asked 40 security experts to share their best advice, it didn't disappoint.
This post explores the best security advice we have received over the past almost 2 years from various different security professionals.
Nation-state hackers access Microsoft source code and steal secrets
Microsoft has been experienced a sustained attack by Russian-backed nation-state attacker Midnight Blizzard (also known as NOBELIUM). This blog examines all we know so far
Sumo Logic Breach Shows Leaked Credentials Still a Persistent Threat
Sumo Logic reported a security breach on November 3, 2023, due to a compromised credential that allowed unauthorized AWS account access.
8.5% of Docker Images Expose API and Private Keys
A new comprehensive study by researchers at RWTH Aachen University in Germany did a study on over 300,000 docker images finding that 8.5% contained API keys and private keys that malicious actors could exploit in the wild.
CodeSecDays brings security leaders together to build a world without software security issues
In GitGuardian's first digital conference, CodeSecDays, security leaders from multiple leading companies like Snyk, Chainguard, Doppler, RedMonk, and more came together to share the latest in code and application security. As the CEO and founder of GitGuardian, Eric Fourrier said, “No organizations
Exploring the Controversy: The Pros and Cons of Environment Variables - PyCon Italia
Using environment variables to store secrets has long been considered a good practice. But in this article, we will explore different opinions as to why using env vars might be either good or bad for security
Building resilient and secure systems - Lessons from Devoxx Poland
Devoxx Poland is a developer first confrence that invites software innovators from around the world present latest trends in the industry, here are some of the key takeaways to build secure and resilient systems.
Lessons from Lapsus - CISO on Building a comprehensive secrets management program
Following a breach by the Lapsus$ cyber gang, Jason Haddix, then CISO of UbiSoft called over 40 other CISOs to discuss strategies on how to be more resilient to attacks. Those conversations led him to create a 4 step guide to building a comprehensive secrets management program.
Why ChatGPT is a security concern for your organization (even if you don't use it)
ChatGPT may not be used by all organizations and may even be banned. But that doesn't mean you don't have exposure to the security risks it contains. This post looks at why ChatGPT should be part of your threat landscape.
Twitter’s leak illustrates why source code should never be sensitive
Twitter's source code was recently leaked publicly on a GitHub repository. This blog post looks at exactly what happened and what security consequences could stem from this leak.
![Best Practices for Managing and Storing Secrets Including API Keys and Other Credentials [cheat sheet included]](/content/images/size/w600/2020/06/20W22-BLOG-Banner-BestPractices-Final@2x.png)
Best Practices for Managing and Storing Secrets Including API Keys and Other Credentials [cheat sheet included]
We have compiled a list of some of the best practices to prevent API key leakage and keep secrets and credentials safe. Secrets management doesn’t have a one-size-fits-all approach, so this list considers multiple perspectives so you can be informed in deciding to or not to implement strategies.
Using GGCanary to Create Your Own Honeytokens with Open Source Tools - Complete Tutorial
Honeytokens or Canary Tokens are credentials designed to alert you when an attacker is in your infrastructure. This is a complete tutorial how to create them using only open-source projects.
