all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

AssetHarvester: A Static Analysis Tool for Detecting Assets Protected by Secrets in Software Artifacts

Add to bookmarks
March 29, 2024, 4:10 a.m. | Setu Kumar Basak, K. Virgil English, Ken Ogura, Vitesh Kambara, Bradley Reaves, Laurie Williams

cs.CR updates on arXiv.org arxiv.org

arXiv:2403.19072v1 Announce Type: new
Abstract: GitGuardian monitored secrets exposure in public GitHub repositories and reported developers leaked over 12 million secrets (database and other credentials) in 2023, indicating a 113% surge from 2021. Despite the availability of secret detection tools, developers ignore the tools' reported warnings because of false positives (25%-99%). However, each secret protects assets of different values accessible through asset identifiers (a DNS name and a public or private IP address). The asset information for a secret can …

analysis artifacts arxiv assets availability credentials cs.cr cs.se database detection developers exposure gitguardian github github repositories leaked public repositories secret secret detection secrets software static analysis tool tools

Visit resource

More from arxiv.org / cs.CR updates on arXiv.org

Causal Inference with Differentially Private (Clustered) Outcomes 18 hours ago | arxiv.org
algorithm arxiv cs.cr cs.lg +12
An artificial neural network approach to finding the key length of the Vigen\`{e}re cipher 18 hours ago | arxiv.org
accuracy article artificial arxiv +9
Generic Selfish Mining MDP for DAG Protocols 18 hours ago | arxiv.org
analysis arxiv bitcoin breaking +15
Tight Differential Privacy Guarantees for the Shuffle Model with $k$-Randomized Response 18 hours ago | arxiv.org
algorithms arxiv cs.cr data +14
Succinct arguments for QMA from standard assumptions via compiled nonlocal games 18 hours ago | arxiv.org
argument arxiv building crypto +8
On Training a Neural Network to Explain Binaries 18 hours ago | arxiv.org
aid arxiv binary code +15
Transferring Troubles: Cross-Lingual Transferability of Backdoor Attacks in LLMs with Instruction Tuning 18 hours ago | arxiv.org
arxiv attacks backdoor backdoor attacks +14
Leveraging Label Information for Stealthy Data Stealing in Vertical Federated Learning 18 hours ago | arxiv.org
arxiv attack attacks cs.cr +16
An Extensive Survey of Digital Image Steganography: State of the Art 18 hours ago | arxiv.org
adoption art arxiv attention +21

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Azure DevSecOps Cloud Engineer II

@ Prudent Technology | McLean, VA, USA
View on infosec-jobs.com

Security Engineer III - Python, AWS

@ JPMorgan Chase & Co. | Bengaluru, Karnataka, India
View on infosec-jobs.com

SOC Analyst (Threat Hunter)

@ NCS | Singapore, Singapore
View on infosec-jobs.com

Managed Services Information Security Manager

@ NTT DATA | Sydney, Australia
View on infosec-jobs.com

Senior Security Engineer (Remote)

@ Mattermost | United Kingdom
View on infosec-jobs.com

Penetration Tester (Part Time & Remote)

@ TestPros | United States - Remote
View on infosec-jobs.com
View more jobs