Build AI Apps with Azure, Copilot, and Generative AI — Microsoft Certified
PowerBI Data Analyst - Create visualizations and dashboards from scratch
Overview
Google, IBM & Meta Certificates – 40% Off
One plan covers every Professional Certificate on Coursera.
Unlock All Certificates
Explore the critical issue of secrets in source code and learn how to combat it using TruffleHog in this BSidesSF 2018 conference talk. Discover the potential security risks associated with exposed secrets and their impact on lateral movement and privilege escalation within compromised environments. Gain insights into implementing TruffleHog in DevOps pipelines and its future developments. Delve into the novel problem of secrets in old packages, examining how TruffleHog can be adapted to scan package managers like npm and pypi. Learn about the high-signal regular expressions used for detection and auto-verifiers for improved accuracy. Understand the importance of addressing this widespread industry challenge and acquire practical knowledge on using TruffleHog to enhance your organization's security posture.
Syllabus
Introduction
Why Secrets
Examples
Why
High Signal Regular Expressions
TruffleHog Example
Auto verifiers
Questions
Taught by
Security BSides San Francisco