Secrets
1Password Leverages SSO Service to Better Protect Secrets
1Password announced today general availability of a single sign-on (SSO) capability that makes sure secrets are kept secure by leveraging keys that are stored on an end user’s device. The Unlock with ...
CircleCI Rotates GitHub OAuth Tokens After Security Incident
Following a security incident, CircleCI has completed the process of rotating GitHub OAuth tokens for their customers. CircleCI said Saturday that while customers could still rotate their own tokens, it has “confidence ...
GitHub Secret Scanning is now Free (as in Beer)
Microsoft’s GitHub source control service will help stop devs accidentally embedding secrets in public code repositories. It’s a big problem ...
The Challenge of Secrets Leakage & Preventative Steps – Techstrong TV
Charlene O’Hanlon and Yury Koldobanov tackle the challenge of secrets leakage in Git repos and what organizations can do to prevent it. Voiceover: This is Digital Anarchist. Charlene O’Hanlon: Hey, everybody, ...
Reducing the Risk of Credential Leakage
Long-term cloud credentials are often scattered throughout source code, on laptops or desktops, on servers, in cloud resources and in other locations. It’s easy to copy them across machines, creating credential sprawl ...
Secrets Detection: An Emerging AppSec Category
Applications are no longer standalone monoliths, they now rely on thousands of independent building blocks: cloud infrastructure, databases, SaaS components such as Stripe, Slack and HubSpot, just to name a few. This ...
Video: Managing Digital Certificates in DevOps – Keyfactor
Digital certificates (e.g. SSL/TLS, X.509) can be issued and managed through many different tools in your DevOps tool-chain. However, the more tools you have for managing the issuance of these certificates lead ...
Secrets, Security Insights and APIs!
Secrets, Security Insights, and APIs!ShiftLeft Inspect can now detect “hardcoded secrets” (across all languages), and provide “security insights” into your JavaScript code. ShiftLeft Inspect has also released a new version of API ...
Forsooth! What Sort Of Villainy Makes It’s Evil Pestilence Known?
Apparently, Amazon.com, Inc. (Nasdaq: AMZN) has taken up the $10 Billion Evil Gauntlet and is running with it (kids, don't do that at home...), if reports are to be believed. Read it ...