Well, that's one mega fuckup. Devs are great at fucking up secrets management. I swear it's a class they are required to take yearly until they graduate.
Archive: https://archive.today/KDp1P
From the post:
>TL;DR I scanned 22 million public Cloud Development Environment projects across CodeSandbox, StackBlitz, CodePen, and JSFiddle with TruffleHog, found 8,792 verified, unique secrets, and made over $20,000 in bounties along the way. The most impactful finding was a GitHub employee token with write access to github/github. This guest post by Ben Zimmermann was developed through Truffle Security's Research CFP program. Ben is a security researcher focused on credential exposure and secret scanning at scale.