Fighting Secrets in Source Code with TruffleHog
Offered By: Security BSides San Francisco via YouTube
Course Description
Overview
Explore the critical issue of secrets in source code and learn how to combat it using TruffleHog in this BSidesSF 2018 conference talk. Discover the potential security risks associated with exposed secrets and their impact on lateral movement and privilege escalation within compromised environments. Gain insights into implementing TruffleHog in DevOps pipelines and its future developments. Delve into the novel problem of secrets in old packages, examining how TruffleHog can be adapted to scan package managers like npm and pypi. Learn about the high-signal regular expressions used for detection and auto-verifiers for improved accuracy. Understand the importance of addressing this widespread industry challenge and acquire practical knowledge on using TruffleHog to enhance your organization's security posture.
Syllabus
Introduction
Why Secrets
Examples
Why
High Signal Regular Expressions
TruffleHog Example
Auto verifiers
Questions
Taught by
Security BSides San Francisco
Related Courses
Computer SecurityStanford University via Coursera Cryptography II
Stanford University via Coursera Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera Building an Information Risk Management Toolkit
University of Washington via Coursera Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network