Jason Haddix is the CISO of BuddoBot and former CISO/Head of Security at UbiSoft. In this clip Jason explores why a comprehensive secrets management program is absolutely vital for a organizations. He walks us through his 4 step secrtes management plan he has rolled out to Detect, Prevent, Respond and Educate. Today Jason puts together his cyber leadership skills with his penetration testing background as the CISO of BuddoBot, a world class red team as a service organization that is designed to emulate and prepare your organization for real world attacks.

In this short we look at the three components that make up docker, the docker file, docker image and docker container.

CEO of socket shares his thoughts on why the supply chain is the biggest risk for 2023 and how we can secure it. This interview was part of an entire episode on The Security Repo podcast dedicated to the insights from the 2023 RSA conference.

GitHooks are a great way of automating tasks and checking information while using git. These hooks are both powerful surprisingly easy to create yourself. In this video tutorial we run through how git hooks work and create both local and global git hooks which can call an API, use grep to find keys and call local package.

Hacker Adriel Desautel explains why honey pots are such an effective tool to use against malicious threat actors. Adriel is a legendary personality in the security and hacking communities, today as the founder and CEO of Netraguard he, along with his team, conduct real world penetration tests on organizations of all sizes. This clip is part of an episode in The Security Repo Podcast where white hat hackers Noah Tongate and Adriel Desautel give real world advice on how to protect yourself against 'people like them'.

OpenAi have confirmed they have had a data breach involving a vulnerability inside a open-source dependency Redis. This allowed threat actors to see history from other active users. But this leads to the bigger question, how can we secure ChatGPT. In this video I explain my position using some interesting data that ChatGPT should be part of all organizations threat landscape and that banning ChatGPT won't help the situation.

You may have noticed the.git directory sitting in your repo but not understood exactly what this is. These folders can contain lots of sensitive information so it's important to know what they do!

What is the biggest security threat for 20233 and how can we combat it? This is the million dollar question security. GitGuardian developer advocate Mackenzie Jackson had the opportunity to ask Joseoh Carson from Delinea what he expected to come from 2023.

GitGuardian Honeytoken has got you covered. You can deploy honeytokens at scale, monitor for unauthorized use, and detect intrusions in your supply chain before they can cause any damage to your assets. Honeytokens are unique, decoy credentials that can be placed across your software delivery pipeline, giving you the ability to track unauthorized access attempts in real time. They allow you to monitor when, where, and how attackers are trying to access your assets. This way, you can take proactive measures to prevent attacks before they happen.

We are proud to introduce you to the GitGuardian Honeytoken module. Honeytokens are decoy credentials that don't allow any real access but instead trigger alerts that reveal the IP address of whoever tried to use them. GitGuardian honeytokens can be used for intrusion detection in your own environments and tools. You can also plant our honeytokens in your SaaS vendors' systems to be alerted if a core vendor in the supply chain has been compromised. Placing honeytokens in your source code help you detect when your code has been leaked publicly, indicating a code leak.