Pyntax

Aggregating the Future

application security ci/cd scanner security security testing software development static analysis web security

Scanning for Secrets in Source Code

ByVickie Li

Mar 19, 2021

DZone

Meme of a woman starting to fall asleep before her brain tells her, "You committed the API Keys to a public repo."Image is sourced from DZone’s Twitter

As a developer, I admit that I’ve committed secrets to public Github repositories before. Hardcoded secrets have always been a problem in organizations and are one of the first things I look for during a penetration test. When developers write secrets such as passwords and API keys directly into source code, these secrets can make their way to public repositories or application packages, then into an attacker’s hands.

Source: DZone

By Vickie Li

Related Post

client java scala security server spring boot ssl tls two-way

How to Easily Set Up Mutual TLS

May 28, 2021 Hakan Alt nda
apache kafka security

How to Use PEM Certificates With Apache Kafka

May 27, 2021 Dejan Maric
data and security hard disk security tutorial

How to Erase or Wipe Sensitive Files From Hard Drive

May 27, 2021 Vishal Chaudhary

You missed

Uncategorized

Teslas made in Texas will likely have to leave the state before Texans can buy them

May 30, 2021 A Word From Our Sponsor
Uncategorized

MagSafe used to fish out iPhone 12 Pro dropped in canal

May 30, 2021
Uncategorized

Wacom Cintiq Pro 24 Touch review: Beautiful but needs improvement

May 30, 2021
Uncategorized

Google made it hard for users to keep location data private

May 30, 2021