Application secrets exposure has led to a series of serious data and system breaches over the past few years. In spite of the high-profile nature of these cases, the incidence of application secrets leaks via git repositories and other public sites is still on the rise. This presentation reviews the anatomy of the secret’s life cycle and recommends one possible path forward for InfoSec professionals to help mitigate this problem.
Jennifer Janesko has worked in various roles in information security for over 8 years - from penetration testing, to securing critical infrastructures, to teaching security design hygiene for software engineers. Prior to her transition to information security, Jennifer worked for over 15 years in IT as a developer and leader in the areas of education, telecommunications and semiconductors. She volunteers her time helping with BSidesMunich, OWASP and MUC:SEC. In her free time, Jennifer enjoys hiking, running, making CTFs and building (smart) things.