Exposed secrets like API keys and other credentials continue to be a persistent vulnerability. This presentation sheds light on the methods used to discover and exploit such secrets in various environments, including public and private git repositories, containers, and compiled mobile applications. This presentation combines various different research projects that illustrates the different methods attackers use to find and exploit secrets to gain initial access, elevate privileges and created persisted access. It covers research into exploiting secrets in git repositories, private and public, exploiting secrets in compiled mobile applications and exploiting secrets in packages and containers.
This presentation offers valuable insights and information on how to identify and address exposed secrets, one of the most persistent vulnerabilities in application security.
Developer advocate - Security fanatic
Mackenzie is a developer and security advocate with a passion for ode security. As the co-founder and former CTO of Conpago he learnt first-hand how critical it is to build secure applications and today is able to continue that passion at GitGuardian