Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Secrets Management

[Webinar] How You Should Not Remediate Your Hardcoded Secrets

Jan 23, 2023 By GitGuardian In GitGuardian
If you have ever run a secrets scanner against your entire codebase, it has likely raised hundreds if not thousands of findings, leaving you wondering, "Where should I start?" Unlike other vulnerabilities, hardcoded secrets represent a threat by themselves whether your code is running or not. Attackers with access to a repository will scan it inside out for secrets, turning every occurrence into a risk you cannot ignore. Still, this does not mean that you should treat all incidents equally!
View Video

[Webinar] Taming Secrets Sprawl with Doppler and GitGuardian

Dec 2, 2022 By GitGuardian In GitGuardian
With every hardcoded secret, the software supply chain attack surface grows larger, opening more avenues for the resourceful attacker. Remember Codecov? It all started with a hardcoded secret, ultimately leading to the downstream poisoning of 20,000+ CI pipelines and the exfiltration of more secrets than attackers could ever dream of. It’s time for us, developers and security pros, to take a hard look at our hardcoded secrets – or else, we accept living with the risks and consequences of secrets sprawl.
View Video
Snyk

Best practices for Kubernetes Secrets management

Nov 16, 2022 By Eric Kahuha In Snyk

Kubernetes uses secret objects, called Secrets, to store OAuth tokens, secure shell (SSH) keys, passwords, and other secret data. Kubernetes Secrets allow us to keep confidential data separate from our application code by creating it separately from pods. This segregation, along with well-formed role-based access control (RBAC) configuration, reduces the chances of the Secret being exposed — and potentially exploited — when interacting with pods, thereby increasing security.

Read Post

[Webinar] GitGuardian and TechStrong Present Tackling Secrets at the Enterprise Level

Oct 24, 2022 By GitGuardian In GitGuardian
As DevOps turns to multi-cloud, workload containerization, and infrastructure-as-code, securing and distributing secrets across teams and environments has become a complex undertaking. Left unmanaged, this leads to secrets sprawl; in other words, the exposure of credentials in source control servers, DevOps tools, and every component that makes up the software development life cycle (SDLC). With exposed secrets, attackers can easily access an organization’s critical resources. They can breach the perimeter to carry out attacks, hijack computing power, exfiltrate customer data and compromise the integrity of the software supply chain.
View Video

[Webinar] DevSecOps - A DevSecOps Maturity Model for Secrets Management

Oct 10, 2022 By GitGuardian In GitGuardian
Listen to experts from KuppingerCole Analysts and GitGuardian as they discuss security vulnerabilities in DevOps environments, which are often due to a lack of visibility and control of widely distributed secrets such as API keys, database passwords, cloud access keys, certificates, SSH keys, and service account passwords, leaving millions of credentials exposed.
View Video
keeper

Use Keeper Connection Manager to Automatically Discover & Connect to AWS EC2 Instances

Jun 27, 2022 By Craig Lurey In Keeper

One of the selling points of cloud computing is the ability to quickly spin up new machines as needed. Unfortunately, this means that cloud environments grow very complex, very quickly – and manually updating configuration files to add new instances gets really old, really fast. It’s easy to make a mistake, which inhibits productivity and causes security issues, especially when accessing machines remotely.

Read Post

Copyright © 2024 OpsMatters™. All rights reserved.