secrets in source code Secrets in source code (episode 3/3): Building reliable secrets detection In our last two posts, we took a deep dive into how secrets sprawl and why secrets inside git are such a problem. Both of those articles brought up automated
secrets detection The threat of leaked secrets in git repositories - A discussion between security experts Secrets including API tokens, passwords and credentials are the keys to the kingdom. Yet storing secrets inside git including GitHub & GitLab is a problem. Security experts discuss why this is & how to solve this.
secrets detection Building internal secrets detection solutions: a case study about how SAP scans git repos for secrets This article looks at how SAP built an internal secrets scanning solution to detect API keys and other credentials hardcoded in git repos and revoke them.
White Papers Mitigate Growing Application Security Risks with Automated Secrets Detection Credential theft is already a well-known adversary technique but the risk expands much wider when introducing secrets such as API keys. This article looks at automated secrets detection, the challenges, and potential solutions.
secrets in source code Secrets in source code (episode 1/3) - Secret sprawl and the attack surface The first in a series of articles that will take a deep dive into secrets within source code: In this article, we will look at the concept of secret sprawl, the unwanted distribution of secrets through multiple systems, and how we can prevent it.
secrets detection Assessing model performance in secrets detection: accuracy, precision & recall explained Why precision and recall are such important metrics to consider when evaluating the performance of classification algorithms such as secrets detection.