php[tek] 2024
Do you know where your secrets are? Exploring the problem of secret sprawl and secret management
Speaker: Dwayne McDaniel

Level: Intermediate (some prior knowledge necessary)
Length: Standard (50 minutes)

Description:
Do you know what Uber, CircleCI, and Toyota all have in common? They had hardcoded credentials in plaintext somewhere in their environments, which either led to a public leak or enabled an attacker to expand their footprint during a breach. It is easy to understand why hardcoding secrets is a problem, but do you know how widespread this problem is or how fast it is escalating? Do you know how it keeps happening? Do you know what you can do about it? This session will deep dive into the research around secrets sprawl and compare it with historical data to show how much worse the situation is becoming, as well as what types of secrets are most commonly involved. We will also explore how to evaluate the maturity of your secrets management strategies and what steps you might consider next on your security journey.

In this session, you will:
- Hear about the state of secrets sprawl
- Discover the most commonly leaked credentials
- See how you can stop secrets sprawl in your organization by shifting left
- Learn to measure your secrets management maturity
