Checked a SECRET into Git? Learn how to FIX IT! скачать в хорошем качестве

Checked a SECRET into Git? Learn how to FIX IT!

Discover the intriguing world of secret management in code with our engaging video! Have you ever slipped a secret into your source code, only to realize it's a security nightmare waiting to happen? Join us as we delve into the complications of dealing with these hidden gems. 🔒 Unveiling the Issue: Have you been caught hard coding secrets in your app's codebase or configuration files? Brace yourself for a rendezvous with your appsec team! We'll explore the thorny challenges of resolving secrets within your code. 🌐 Embarking on a Bitbucket Journey: Watch as we demonstrate a real-world scenario. We've set up a new Bitbucket repository, ready to unveil the secret-keeping mishaps developers often fall into. Cloning it locally, we dive headfirst into the secret-related turmoil. 🧩 The Buildfile Saga: As we craft a buildfile using vi, we craftily embed a secret password. You might think it's far-fetched, but you'd be surprised how often this occurs. Witness firsthand as we stage our changes and push them to Bitbucket. 🚪 The Appsec Enigma: Fast forward in time, where an appsec specialist uncovers our covert secret. Can we fix the issue? Explore the path of redemption as we step back into the codebase. 🛠️ The Redemption Quest: Tackling the issue, we modify the code to fetch secrets externally. Through a simple bash script, we illustrate the process of reading secrets from the command line. Say goodbye to embedded secrets! 📜 A History Lesson: But hold on! The past isn't so easy to erase. Our journey into Git history exposes lingering secrets. Peek into the complexities of managing commit history, and uncover why drastic changes aren't always the answer. 📊 Graphical Revelations: Navigate through Git logs to visualize the trail of secrets left behind. Dive deep into commit IDs, authors, dates, and comments. Witness the power of Git's history unfolding before your eyes. 🔍 The Password Spectacle: As we reveal secrets in history, be amazed by the ease with which hackers could exploit them. Experience firsthand the chilling reality of overlooked secrets in plain sight. 🔐 The Revocation Solution: Uncover the crucial step beyond code cleanup: secret revocation. We detail the process of disabling, removing, and changing secrets. Plus, learn why vigilance is key when reintroducing new secrets. 🔗 Reinventing Security: Explore the process of revoking secrets in systems like Bitbucket. Discover the do's and don'ts of secret management, ensuring your application remains fortified against malicious intent. 📺 Like, Subscribe, Secure: If this exploration of secret management has ignited your curiosity, like, subscribe, and share the knowledge! Our video will equip you to begin your journey towards secure coding practices. Remember, security starts with you. #softwaresupplychain #gittutorial #appsec