Do you know where your secrets are? Exploring the problem of secret sprawl and secret management maturity

Presented at BSidesLV 2023, Aug. 8, 2023, 3 p.m. (45 minutes)

Do you know what Uber, CircleCI, and Toyota all have in common? They had hardcoded credentials in plaintext somewhere in their environments, which led to either a public leak or enabled an attacker to expand their footprint during a breach. It is easy to understand why hardcoding secrets is a problem, but do you know how widespread this problem is or how fast it is escalating? Do you know how it keeps happening? Do you know what you can do about it?

Presenters:

• Dwayne McDaniel
  Dwayne has been working as a Developer Relations professional since 2015 and has been involved in tech communities since 2005. He loves sharing his knowledge, and he has done so by giving talks at over a hundred events worldwide. Dwayne currently lives in Chicago. Outside of tech, he loves karaoke, live music, and performing improv.

Links:

• https://www.bsideslv.org/talks#3MGPSJ

Similar Presentations:

• DerbyCon 9.0 Finish Line (2019) / How to Give the Gift That Keeps on Giving - Your Knowledge
• BSides Austin 2016 / If I Knew Then What I Know Now: Building an InfoSec Program from Scratch
• GrrCON 2016 / How Do You Secure What You Don't Control