BSidesSF 2018 has ended
Sunday, April 15 • 4:50pm - 5:20pm
Fighting Secrets In Source Code With TruffleHog

Secrets in source code have led to breaches in the past. They make it really easy to move laterally and escalate privileges once inside an environment, and it's a problem the entire industry faces. I'm going to talk about the tool I wrote to help identify secrets: TruffleHog. I'll be talking about different ways to use the tool, how it can be used in devops pipelines, and the future of the tool going forward. I'll also talk about a new type of problem I don't think anyone has looked at before: Secrets in old packages. I've tweaked truffleHog to scan package managers like npm and pypi, and found tons of secrets accidentally uploaded to the package manager that weren't ever even in the git history. I'll be releasing the tweaked version of truffleHog and walking through how to use it, and why we need to pay more attention to this problem.

Sunday April 15, 2018 4:50pm - 5:20pm PDT
AMC - Theatre 7