How Secrets Lurking in Source Code Lead to Major Breaches
2022-05-25 05:21

Take the Codecov case: it is a textbook example of how hackers leverage hardcoded credentials to gain initial access to their victims' systems and harvest more secrets down the chain.

In this article, we will talk about secrets and how keeping them out of source code is today's number one priority for securing the software development lifecycle.

First, since source code is a very leaky asset, meant to be cloned, checked out, and forked on multiple machines very frequently, secrets are leaky too.

GitGuardian's State of Secrets Sprawl report highlights the fact that private repositories hide many more secrets than their public equivalents.

After successfully accessing the official source code repository, the attackers were able to tamper with a CI script and harvest hundreds of secrets from Codecov's user base.

Secrets detection and remediation capability is a must because even secrets can be exploited in an attack leading to a major breach.


News URL

https://thehackernews.com/2022/05/how-secrets-lurking-in-source-code-lead.html