Security News Developers are leaking keys and credentials

I

Ink

Administrator
Thread author
Verified
Jan 8, 2011
22,490
Content source
https://arstechnica.com/security/2023/11/developers-cant-seem-to-stop-exposing-credentials-in-publicly-accessible-code/
Copilot said:
The current web page context is an article that discusses:
  • Credential exposure: A common and risky practice of embedding sensitive information such as passwords, keys, and tokens in source code. This can lead to unauthorized access, impersonation, or manipulation by attackers.
  • PyPI study: A recent report by GitGuardian that found almost 4,000 unique secrets in 450,000 projects submitted to PyPI, the official repository for Python code. Many of these secrets were still active and could be exploited.
  • Prevention methods: Some ways to avoid credential exposure in code, such as using .env files, secret managers, or scanners. The report also suggests that some developers are unaware that they have made their projects public.
Click to expand...

Despite more than a decade of reminding, prodding, and downright nagging, a surprising number of developers still can’t bring themselves to keep their code free of credentials that provide the keys to their kingdoms to anyone who takes the time to look for them.
Click to expand...
Read more: Developers can’t seem to stop exposing credentials in publicly accessible code
 
  • Like
Reactions: ZeroDay, [correlate], Nevi and 1 other person

Similar threads

Gandalf_The_Grey
    • Like
Malware News Malware locks browser in kiosk mode to steal Google credentials
Replies
0
Views
1,506
Security News
Gandalf_The_Grey
Gandalf_The_Grey
Victor M
Security News Volt Typhoon attacks infrastructure of SOHOs
Replies
0
Views
1,614
Security News
Victor M
Victor M
Gandalf_The_Grey
    • Like
    • Wow
Security News Don't panic! It's only 60 Linux CVE security bulletins a week
Replies
1
Views
1,774
Security News
Victor M
Victor M

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top