Remediating Incidents With the GitGuardian API [Cheat Sheet Included]

When a hardcoded secret is detected in your source code, you can rely on GitGuardian to help you prioritize, investigate, and remediate the incident. When thinking of the GitGuardian platform, most people picture the dashboard.
The GitGuardian Dashboard

From this view, you can quickly see high-level incident information that can help you triage your incidents, assign them to workspace members and begin the process of fixing the issue. The team has put a lot of thought and effort into making this a very user-friendly interface that customers can quickly learn and leverage when dealing with secrets sprawl.

The GitGuardian API

In some cases, teams might prefer to leverage the power of the GitGuardian platform without using the dashboard directly. This is entirely possible thanks to the powerful GitGuardian API, which is available to all customers. With our API, you can interact with incidents, teams, workspace members, and audit logs, or even implement your own secrets scanning.

Cybersecurity and AI Deep in the Heart of Texas Cyber Summit

Austin, Texas, is the 10th largest city in the US and is constantly growing, both in population and in industry. Every year, dozens of major companies either relocate or expand into the Austin area. It is also home to six universities, including The University of Texas at Austin and Texas State. Because Austin is the state capital of Texas, many government agencies have a presence there as well. Folks from all these sectors came together in the last week of September to learn from one another at Texas Cyber Summit 2023.

Here are just a few of the highlights from this security-focused event.

Secrets Management Takes More Than Just Tools

Every company wants to have a good security posture, and most are investing in security tooling. According to Gartner, worldwide spending on security is forecast to grow 11.3% in 2023 to reach more than $188.3 billion. 

However, despite all this spending, there are certain areas where problems are only getting worse, such as secrets sprawl. Reports now say over 50% of cyber attackers gained their initial foothold by exploiting compromised credentials. No organization wants to go through an incident like Samsung or Nvidia or repeat Uber's unfortunate experience.

What to Do if You Expose a Secret: How to Stay Calm and Respond to an Incident

You probably are here because you leaked a secret somewhere and want to get straight to rotating the secret. If you are a solo developer or you know for sure you are the only user of the secret and understand what rotating the secret might disrupt, start here: Rotate the secret and store the new credential safely.

If you work in a team and are not sure who uses this secret, what it gives access to, or what outages might occur from rotating it, then please read on.

Techno Security and Digital Forensics Conference East 2023

If you have ever heard of Wilmington, North Carolina, it might be because the WW2 battleship North Carolina is moored there, or that it is a historically significant shipping town, or because of its role in the US-British Revolutionary War. But starting in 2023, it is also known as the East Coast home for the Techno Security and Digital Forensics Conference, which was previously held in Myrtle Beach. 2023 also marked the 23rd year of the conference and community, this year bringing together just over 1,000 total participants.

Many of the sessions were directed at law enforcement officers, leaning into the digital forensics side of the conference, and a lot of the attendees worked with various government agencies. There were also plenty of sessions for the general security community. Here are just a few of the highlights from this enlightening cybersecurity event.

BSidesAustin 2023: CyberSecurity In The Texas Tech Capital

Austin, Texas, is a city filled with music, vibrant nightlife, and some legendary BBQ. It is also one of the great tech hubs of the southern United States, home to a wide variety of tech innovators like Indeed, SolarWinds, and Amazon's Whole Foods. It is simultaneously home to one of the largest tech events in the world, SXSW, as well as many smaller tech events, including BSides Austin 2023.

Like other BSides, Austin had informative sessions, a number of training opportunities, and several villages, including capture the flag, lockpicking, and more. Here are just a few of the highlights from this year's excellent event.

GitHub Exposed a Private SSH Key: What You Need to Know

Secrets leakage is a growing problem affecting companies of all sizes, including GitHub. They recently made an announcement on their blog regarding an SSH private key exposure:

[Last week, GitHub] discovered that GitHub.com’s RSA SSH private key was briefly exposed in a public GitHub repository.

The company reassured the public explaining that the key was only used to secure "Git operations over SSH using RSA," meaning that no internal systems, customer data, or secure TLS connections were at risk. They reacted immediately by detecting the incident and changing the key:

CyberTech NYC 2022: Securing the Future Together

The Javits Center in NYC opened its doors to hundreds of security experts from all around the world on November 15th and 16th, 2022. Over those two info-packed days, attendees participated in panels and presentations and shared their knowledge about enterprise security. Here are just some of the highlights from CyberTech NYC 2022.

The Larger the Organization, the More Turtles to Corral

Early in the conference, CyberTech Co-Founder Amir Rapaport shared a very good analogy for how large enterprises have transformed: corralling turtles.

Turtles move slowly, akin to how fast we adopt new tech or modify existing systems. If you only have a few turtles, keeping up with them and making sure they are safe is pretty straightforward. But when you add more and more turtles, it becomes increasingly difficult to manage them. When you get to hundreds or thousands of turtles, or IT services, manually chasing them and keeping them safe becomes overwhelming.

Unfortunately, there is no silver bullet to this problem of herding turtles; it just takes staying vigilant and aware of newly emerging threats. This introductory session set the tone of the event, and his message of staying on top of new trends was echoed throughout the rest of CyberTech.

How To Use ggshield To Avoid Hardcoded Secrets [Cheat Sheet Included]

Most developers love working in the terminal, tying together all sorts of tools with command line interfaces (CLIs) via scripting. Working with CLIs is powerful, but it can be challenging to initially learn all the ways a tool can help you do your work. While the only real way to learn any tool is by using it, one time-tested method to get over the learning curve is to keep a short list of common commands, as well as concept recaps, on hand for using the tools.

At the same time, it is pretty common to adopt a tool for one or two specific functions, without investigating what other commands a tool offers. For example, just think about how many Git commands you use regularly out of the 164 currently available commands. Getting a holistic view of how a command line tool is structured and the possible commands can help you make better use of the platform.