AssetHarvester: A Static Analysis Tool for Detecting Assets Protected by Secrets in Software Artifacts
March 29, 2024, 4:10 a.m. | Setu Kumar Basak, K. Virgil English, Ken Ogura, Vitesh Kambara, Bradley Reaves, Laurie Williams
cs.CR updates on arXiv.org arxiv.org
Abstract: GitGuardian monitored secrets exposure in public GitHub repositories and reported developers leaked over 12 million secrets (database and other credentials) in 2023, indicating a 113% surge from 2021. Despite the availability of secret detection tools, developers ignore the tools' reported warnings because of false positives (25%-99%). However, each secret protects assets of different values accessible through asset identifiers (a DNS name and a public or private IP address). The asset information for a secret can …