Fighting Secrets in Source Code with TruffleHog

Offered By: Security BSides San Francisco via YouTube

Tags

Security BSides Courses, Cybersecurity Courses, Source Code Analysis Courses

Course Description

Overview

Explore the critical issue of secrets in source code and learn how to combat it using TruffleHog in this BSidesSF 2018 conference talk. Discover the potential security risks associated with exposed secrets and their impact on lateral movement and privilege escalation within compromised environments. Gain insights into implementing TruffleHog in DevOps pipelines and its future developments. Delve into the novel problem of secrets in old packages, examining how TruffleHog can be adapted to scan package managers like npm and PyPI. Learn about the high-signal regular expressions used for detection and auto-verifiers for improved accuracy. Understand the importance of addressing this widespread industry challenge and acquire practical knowledge on using TruffleHog to enhance your organization's security posture.

Syllabus

Introduction
Why Secrets
Examples
Why
High Signal Regular Expressions
TruffleHog Example
Auto verifiers
Questions


Taught by

Security BSides San Francisco
