GitGuardian: Application Security Secrets Detection Whitepaper (English edition, 26 pages)
Whitepaper | Implementing Automated Secrets Detection for Application Security

How do we secure the new way of building software?

Applications are no longer standalone monoliths; they now rely on thousands of building blocks: cloud infrastructure, databases, SaaS components such as Stripe, Slack, HubSpot. This is a significant shift in software development. Dev & Ops teams from large organizations use thousands of secrets like API keys and other credentials to interconnect these components. As a result, they now have access to more sensitive information than companies can keep track of.

The risk is that these secrets are now spreading everywhere. We call "secrets sprawl" the unwanted distribution of secrets in all the systems developers use. Secrets sprawl is even more difficult to control with growing development teams, sometimes spread over multiple geographies. This is without even taking into consideration that developers are under heavy pressure due to a growing number of technologies to master and shortened release cycles.

In this whitepaper, we look at the implications of secrets sprawl, and present solutions for Application Security to further secure the SDLC by implementing automated secrets detection in their DevOps pipeline.

What developers call a secret is anything that allows access to a system, often programmatically. API keys, private keys, database credentials and security certificates are perfect examples. Secrets are keys to the kingdom: they give access to cloud infrastructure, SaaS components, databases, internal portals or microservices.

Understanding the benefits of mitigating secrets sprawl
What are the threats associated with secrets sprawl?
A focus on secrets in source code: why are they so bad?
Challenges associated w