Exposed secrets - How public git repositories and docker images expose millions of secrets like API keys and security certificates every year

Presented at BSidesSF 2022 Rescheduled, June 5, 2022, 11:05 a.m. (25 minutes)

Secrets like API keys are sprawling through the internet at an alarming rate. In 2020, we conducted a research project that uncovered two million leaked secrets. This talk outlines the 2021 results and reveals how secrets end up exposed in public git repos, docker images and packages.

Presenters:

• Mackenzie Jackson - GitGuardian
  Mackenzie is a developer advocate with a passion for DevOps and code security. As the co-founder and former CTO of a health tech startup, he learnt first-hand how critical it is to build secure applications with robust developer operations. Today as the Developer Advocate at GitGuardian, Mackenzie is able to share his passion for code security with developers and works closely with research teams to show how malicious actors discover and exploit vulnerabilities in code.

Links:

• https://bsidessf2022.sched.com/event/rjqZ/exposed-secrets-how-public-git-repositories-and-docker-images-expose-millions-of-secrets-like-api-keys-and-security-certificates-every-year

Similar Presentations:

• BSidesLV 2023 / Are your secrets safe - How mobile applications are leaking millions of credentials
• BSidesLV 2023 / The attackers guide to exploiting secrets in the universe
• BSidesLV 2016 / PAL is your pal: Bootstrapping secrets in Docker