(The) Postman Carries Lots of Secrets ◆ Truffle Security Co. (API Tool)

1.3K

• (+1/-0)

(The) Postman Carries Lots of Secrets ◆ Truffle Security Co. (API Tool) (trufflesecurity.com)

The real TLDR; dev's are lazy with secrets, just like they always have been.

From the post:

>tl;dr Postman, the popular API testing platform, hosts the largest collection of public APIs. Unfortunately, it’s become one of the largest public sources of leaked secrets. We estimate over 4,000 live credentials are currently leaking publicly on Postman for a variety of popular SaaS and cloud providers. In this article, we share our research on credential exposure on Postman. Want to scan a Postman workspace with TruffleHog right now? Try our new command:

The real TLDR; dev's are lazy with secrets, just like they always have been. Archive: https://archive.today/jrRe1 From the post: >>tl;dr Postman, the popular API testing platform, hosts the largest collection of public APIs. Unfortunately, it’s become one of the largest public sources of leaked secrets. We estimate over 4,000 live credentials are currently leaking publicly on Postman for a variety of popular SaaS and cloud providers. In this article, we share our research on credential exposure on Postman. Want to scan a Postman workspace with TruffleHog right now? Try our new command:

Be the first to comment!

Login or register