Nebraska.Code() Sessions tagged cybersecurity

Do you know where your secrets are? Exploring the problem of secret sprawl and secret management maturity

Do you know what Uber, CircleCI, and Toyota all have in common? They had hardcoded credentials in plaintext somewhere in their environments, which either led to a public leak or enabled an attacker to expand their footprint during a breach.

It is easy to understand why hardcoding secrets is a problem, but do you know how widespread this problem is or how fast it is escalating? Do you know how it keeps happening? Do you know what you can do about it?

This session will take a deep dive into the research around secrets sprawl and compare it with historical data to show how much worse the situation is becoming, as well as which types of secrets are most commonly involved. We will also explore how to evaluate the maturity of your secrets management strategies and what steps you might consider next on your security journey.

In this session, you will:

- Hear about the state of secrets sprawl and discover the most commonly leaked credentials
- See how you can stop secrets sprawl in your organization by shifting left
- Learn to measure your secrets management maturity

Speaker

Dwayne McDaniel

Developer Advocate, GitGuardian

Who Goes There? Actively Detecting Intruders With Honeytokens

When attackers gain access to a system, they immediately look for ways to gain more control. One of the easiest ways to expand their presence is to find plaintext credentials lying around in code, config, or logs.

By the time an intrusion is detected, it is likely too late. What you need is an alarm to let you know someone is intruding while they are intruding. That is where honeytokens come in.

Honeytokens are credentials that don't actually grant any access, instead triggering alerts that report the intruder's activity.

If you are working to detect and stop intruders in their tracks, then this session is for you.

Takeaways:

- Understanding how honeytokens work
- Maximizing the impact of honeytokens
- Deploying honeytokens at scale with automation
- Open Source and Enterprise options

Speaker

Dwayne McDaniel

Developer Advocate, GitGuardian