all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

AssetHarvester: A Static Analysis Tool for Detecting Assets Protected by Secrets in Software Artifacts

Add to bookmarks
March 29, 2024, 4:10 a.m. | Setu Kumar Basak, K. Virgil English, Ken Ogura, Vitesh Kambara, Bradley Reaves, Laurie Williams

cs.CR updates on arXiv.org arxiv.org

arXiv:2403.19072v1 Announce Type: new
Abstract: GitGuardian monitored secrets exposure in public GitHub repositories and reported developers leaked over 12 million secrets (database and other credentials) in 2023, indicating a 113% surge from 2021. Despite the availability of secret detection tools, developers ignore the tools' reported warnings because of false positives (25%-99%). However, each secret protects assets of different values accessible through asset identifiers (a DNS name and a public or private IP address). The asset information for a secret can …

analysis artifacts arxiv assets availability credentials cs.cr cs.se database detection developers exposure gitguardian github github repositories leaked public repositories secret secret detection secrets software static analysis tool tools

Visit resource

More from arxiv.org / cs.CR updates on arXiv.org

Dihedral Quantum Codes 2 days, 3 hours ago | arxiv.org
arxiv block class code +9
A Privacy Preserving System for Movie Recommendations Using Federated Learning 2 days, 3 hours ago | arxiv.org
arxiv businesses cs.cr cs.ir +20
VulLibGen: Identifying Vulnerable Third-Party Libraries via Generative Pre-Trained Model 2 days, 3 hours ago | arxiv.org
accelerate advisory arxiv cs.cr +24
Simultaneous Haar Indistinguishability with Applications to Unclonable Cryptography 2 days, 3 hours ago | arxiv.org
applications arxiv build cloning +11
SoK: Prudent Evaluation Practices for Fuzzing 2 days, 3 hours ago | arxiv.org
afl arxiv bugs concept +13
The Effect of Quantization in Federated Learning: A R\'enyi Differential Privacy Perspective 2 days, 3 hours ago | arxiv.org
arxiv can cs.cr cs.dc +15
Unveiling the Potential: Harnessing Deep Metric Learning to Circumvent Video Streaming Encryption 2 days, 3 hours ago | arxiv.org
arxiv attacks body cs.ai +16
SecureLLM: Using Compositionality to Build Provably Secure Language Models for Private, Sensitive, and Secret Data 2 days, 3 hours ago | arxiv.org
access arxiv back build +15
IBD-PSC: Input-level Backdoor Detection via Parameter-oriented Scaling Consistency 2 days, 3 hours ago | arxiv.org
adversaries arxiv attacks backdoor +22

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada
View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA
View on infosec-jobs.com

Senior - Penetration Tester

@ Deloitte | Madrid, España
View on infosec-jobs.com

Associate Cyber Incident Responder

@ Highmark Health | PA, Working at Home - Pennsylvania
View on infosec-jobs.com

Senior Insider Threat Analyst

@ IT Concepts Inc. | Woodlawn, Maryland, United States
View on infosec-jobs.com