Fighting Secrets in Source Code with TruffleHog

Explore the critical issue of secrets in source code and learn how to combat it using TruffleHog in this BSidesSF 2018 conference talk. Discover the potential security risks associated with exposed secrets and their impact on lateral movement and privilege escalation within compromised environments. Gain insights into implementing TruffleHog in DevOps pipelines and its future developments. Delve into the novel problem of secrets in old packages, examining how TruffleHog can be adapted to scan package managers like npm and pypi. Learn about the high-signal regular expressions used for detection and auto-verifiers for improved accuracy. Understand the importance of addressing this widespread industry challenge and acquire practical knowledge on using TruffleHog to enhance your organization's security posture.

Introduction
Why Secrets
Examples
Why
High Signal Regular Expressions
TruffleHog Example
Auto verifiers
Questions