php[tek] 2023 - A Community Of Communities Powering The Internet
The PHP community came together in Chicago for php 2023, sharing best practices and the latest updates from the language and frameworks that run over 77% of the internet.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
May 2023
How to Secure Your SCM Repositories with GitGuardian Honeytokens
Protect your code and secure your repositories with honeytokens. Learn how to create and add these digital traps to your SCM repositories and how GitGuardian helps you stay alert to potential threats. Read on for best practices and tips to make the most out of honeytokens.
Webinar - Solving the Secrets Management Puzzle
Secrets sprawl is showing no signs of a slowdown. Last month, we revealed 1 in 10 code authors exposed a secret on GitHub in 2022, collectively leaking 10 million secrets (you read that right, T-E-N) on the platform. This time, we're stepping beyond the data. We went on a (virtual) field trip and asked 500+ CISOs and engineering leaders how they currently deal with hardcoded secrets, how they intend to solve their organization's secrets management puzzle, their top priorities and investment areas in AppSec and Dev tooling, and many other questions!
Are Your Company Secrets Safe on GitHub? Here's Why You Need to Request a Complimentary Audit
With a large number of developers, it’s highly likely that your company’s secrets are publicly exposed without your knowledge. Request your audit today and take control of your GitHub security perimeter.
CISO advice - building a comprehensive secrets management program
Jason Haddix is the CISO of BuddoBot and former CISO/Head of Security at UbiSoft. In this clip Jason explores why a comprehensive secrets management program is absolutely vital for a organizations. He walks us through his 4 step secrtes management plan he has rolled out to Detect, Prevent, Respond and Educate. Today Jason puts together his cyber leadership skills with his penetration testing background as the CISO of BuddoBot, a world class red team as a service organization that is designed to emulate and prepare your organization for real world attacks.
Lessons from Lapsus - CISO on Building a comprehensive secrets management program
Following a breach by the Lapsus$ cyber gang, Jason Haddix, then CISO of UbiSoft called over 40 other CISOs to discuss strategies on how to be more resilient to attacks. Those conversations led him to create a 4 step guide to building a comprehensive secrets management program.
Platform Engineering and Security: A Very Short Introduction
Is DevOps really dead? Learn about the rise of platform engineering and how it differs from DevOps in terms of self-service capabilities and automation. Discover how security fits into this new paradigm and the benefits of platform engineering for software development teams of various sizes.
How docker images are made
In this short we look at the three components that make up docker, the docker file, docker image and docker container.
cdCon + GitOpsCon - Co-evolving Open Source DevOps Communities In One Conference
The CD Foundation and OpenGitOps communities joined forces in Vancouver to create cdCon + GitOpsCon for a conference about the future of DevOps tools and best practices.
We're Teaming Up With Snyk to Strengthen Developer Security!
The new partnership enables Snyk and GitGuardian to build, integrate and go to market together to help development and security teams scale their security programs and significantly reduce their applications' attack surface at every stage of the code-to-cloud lifecycle.
Protecting the supply chain in 2023 - Interview with Feross Aboukhadijeh
CEO of socket shares his thoughts on why the supply chain is the biggest risk for 2023 and how we can secure it. This interview was part of an entire episode on The Security Repo podcast dedicated to the insights from the 2023 RSA conference.
How to Handle Secrets in Terraform
DevOps engineers must handle secrets with care. In this series, we summarize best practices for leveraging secrets with your everyday tools.
Complete guide to GitHooks - Creating your own pre-commit hooks
GitHooks are a great way of automating tasks and checking information while using git. These hooks are both powerful surprisingly easy to create yourself. In this video tutorial we run through how git hooks work and create both local and global git hooks which can call an API, use grep to find keys and call local package.
Voice of Practitioners: The State of Secrets in AppSec
Our latest report gathered answers from 507 IT and security decision-makers to study awareness about the risks posed by secrets sprawl and operational maturity in large enterprises.
GitGuardian at AppSec Village: Honeytokens for the blue team
GitGuardian was part of AppSec Sandbox at RSA, put on by AppSec Village. Learn about our blue team exercise that used honeytokens to find and boot an attacker.
What are honey pots? Hacker explains why honey pots are so effective at catching security breaches
Hacker Adriel Desautel explains why honey pots are such an effective tool to use against malicious threat actors. Adriel is a legendary personality in the security and hacking communities, today as the founder and CEO of Netraguard he, along with his team, conduct real world penetration tests on organizations of all sizes. This clip is part of an episode in The Security Repo Podcast where white hat hackers Noah Tongate and Adriel Desautel give real world advice on how to protect yourself against 'people like them'.
Quality Assurance Engineering at GitGuardian
Learn about the day-to-day life of a QA engineer and the different techniques and processes used by the QA engineering team at GitGuardian to ensure high-quality products.
ChatGPT Data Breach Break Down
OpenAi have confirmed they have had a data breach involving a vulnerability inside a open-source dependency Redis. This allowed threat actors to see history from other active users. But this leads to the bigger question, how can we secure ChatGPT. In this video I explain my position using some interesting data that ChatGPT should be part of all organizations threat landscape and that banning ChatGPT won't help the situation.
RSA Conference 2023: DevSecOps and The Future Of Security
The RSA Conference in San Francisco drew 40,000 participants over 4 extremely busy days. Read just a few of the highlights from this legendary event.
What are .git directories?
You may have noticed the.git directory sitting in your repo but not understood exactly what this is. These folders can contain lots of sensitive information so it's important to know what they do!
BSides San Francisco - A Two-Day Community Celebration
Read the highlights from BSidesSF, a community event that brought together speakers, workshops, and villages to help us all learn to be safer.