ICYMI: 4 lessons for securing codebases from secrets exfiltration

by Michael Osakwe, July 19, 2021

Last month we hosted a webinar on codebase security. As secrets and credential exfiltration continue to be a concern within systems like GitHub, threats such as cryptojacking and supply side attacks have become more of a problem. This makes understanding key aspects of codebase security very important. That’s why we pulled out 4 lessons from our recent session that developers and security engineers must know.

The scope of secrets exposure risk

[youtube:f_vZHhVzhOY]

In this segment, Nightfall product expert Michael Osakwe provides important context surrounding the issue of secrets exfiltration, including what types of secrets are most commonly at risk and why systems like GitHub have become such a substantial target for hackers.

What do secrets exfiltration and leakage look like?

[youtube:dmSk8X4pJgE]

In this segment, Michael provides detailed examples of data exposure incidents that have occurred in GitHub over the past few years. These incidents have resulted in the exposure of not just secrets, but also proprietary data and stakeholder PII and PHI. The incidents in this list amply illustrate what’s at stake when it comes to securing codebases.

Codebase security as it relates to the SaaS threat landscape

[youtube:ZmIHg2JoMp0]

In this segment, Michael uses a model of the SaaS threat landscape to illustrate the types of risks posed by SaaS systems like GitHub. The model shows how features central to SaaS systems, like their always-on nature and their ability to support users from a multitude of devices, can lead to security risks if not accounted for. In the context of GitHub, such risks require tools that provide the appropriate level of visibility into whether best practices for protecting secrets are being followed.

Best practices for securing codebases

[youtube:SmQwiKZG6A0]

In this final segment, Nightfall CTO & co-founder Rohan Sathe discusses 8 simple and practical best practices for making sure secrets don’t remain within codebases and that codebases are protected from unauthorized access. 

If you’re interested in seeing more, you can watch the entire webinar below: https://nightfall.ai/webinar/protect-codebases-secrets-exfiltration
