back to agenda
on this page
Secret scanning in open source at scale
- 14:00
- Thu
- 16 Nov
Stage:
Briefing Stage 1
Format:
Session
Presenter:
Security Engineer & Independent Consultant
Security Researcher
Supply chain security conversation is booming these days after attacks like log4shell came to the scene.
In this in-house research, we have conducted research on publicly available open-source assets like JS Packages, Python Packages, and WordPress Plugins to find out the presence of mistakenly or deliberately publicly exposed secrets (including private API keys and so on) i.e. AWS, Google, etc.
This could pose a risk to anyone using those packages as dependencies or plugins so that this chain of not re-inventing the wheel could become a disaster that stops the wheel once and for all.
Presenter:
Security Engineer & Independent Consultant
Security Researcher