Scanning for hardcoded secrets in source code | Security Simplified

When developers hardcode secrets like passwords and API keys directly into source code, these secrets can make their way to public repos or application packages, then into an attacker’s hands. As developers, we often need to exchange credentials and other secrets programmatically.
This means that you can sometimes make mistakes when handling sensitive data. In this video, we'll talk about how you can detect these accidentally committed credentials in your code repositories.

#cybersecurity #secrets #dataleak

Links:
Entropy calculator: https://www.shannonentropy.netmark.pl/
Example vulnerable project: https://github.com/ShiftLeftSecurity/...