How to Bake Security into your CI/CD Pipeline

According to IBM Security's "The Cost of a Data Breach Report", the global average cost of a data breach in 2022 increased by 2.6% compared to the previous year, reaching $4.35 million. The source code of major companies such as Nvidia, Microsoft, Uber, Slack, and Toyota was leaked, often because of hardcoded secrets (you can see more details in the infographic below). In those cases, lateral movement compromised software supply chain security. In its report, Gartner estimates that about 45% of companies should expect to become targets of supply chain attacks by 2025.

Take GitHub threats seriously: The largest code-sharing platform is extending your attack surface

In 2021, GitGuardian scanned over 1 billion data points on GitHub.com, and the results were stunning. More than 6 million secrets – think API keys, database connection strings, and private certificates – were exposed on the platform! Even more striking is the share of secrets and sensitive data exposed in developers' personal repositories or open-source projects, over which SecOps teams lack visibility and control.

[Webinar] How You Should Not Remediate Your Hardcoded Secrets

If you have ever run a secrets scanner against your entire codebase, it has likely raised hundreds if not thousands of findings, leaving you wondering, "Where should I start?" Unlike other vulnerabilities, hardcoded secrets represent a threat by themselves whether your code is running or not. Attackers with access to a repository will scan it inside out for secrets, turning every occurrence into a risk you cannot ignore. Still, this does not mean that you should treat all incidents equally!