Fixing Hardcoded Secrets The Developer-Friendly Way
The practice of hard-coding secrets like passwords, tokens, and API keys is skyrocketing as applications increasingly leverage dependencies that require integration and Infrastructure-as-Code that must authenticate services. Yet, hardcoded secrets have been at the heart of numerous security incidents because they expose access to valuable resources and enable attackers to rapidly “peel the onion.” Furthermore, secrets undermine the segregation of duties within organizations, which is key to many compliance standards such as SOC 2 Type II, ISO 27001, PCI, and more.
Yet, we must remember that developers have reasons to hardcode secrets. Not only is hard-coding secrets an efficient way to authenticate but most developers lack alternatives. The question we must ask is how do we balance security with developer efficiency?
This webinar covers:
- Introduction to hardcoded secrets (History, risks & breaches)
- Detecting secrets (What to look for and where)
- Developer-Friendly operationalization
To access the resource please complete the form