Skip to content

Commit

Permalink
Merge pull request #2841 from OpenSecuritySummit/Alone2671-patch-1059
Browse files Browse the repository at this point in the history 
Create Championing-Security-Scaling Security-At-Every-Level.md
  • Loading branch information
@Alone2671
Alone2671 authored Dec 17, 2023
2 parents 1262d5a + 7f977ae commit 8d152fe
Showing 1 changed file with 36 additions and 0 deletions.
36 changes: 36 additions & 0 deletions ...-summits/Jan/Governance/Championing-Security-Scaling Security-At-Every-Level.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
---
title : "Championing Security: Scaling Security At Every Level"
track : Governance
project : Risk and Governance
type : working-session
topics :
featured :
event : mini-summit
when_year : 2024
when_month : Jan
when_day : Thu
when_time : WS-15-16
hey_summit :
session_slack:
#status : draft
description :
banner :
organizers :
- Dwayne McDaniel

youtube_link :
zoom_link :
---

## About this session
"No one wants their keys, passwords, and other secrets exposed. Ideally, no developer would ever hardcode anything like that into their work, but unfortunately, a lot of repos are just one bad push from the world gaining access to sensitive data and mission-critical systems. In the best-case scenario, you discover the issue and fix it before something terrible happens, but in the worse cases, you don’t find out until it is far too late. Just ask folks like Uber or Twitch.

Most devs are familiar with using .env and .gitignore files to help prevent Git from tracking specific files and folders. But did you know that you can leverage git hooks, and some open source awesomeness, to keep from accidentally committing your secrets in the first place?

Walk away from this session with some concrete actions you and your devs can take to make sure no secrets make it into your shared hosted repos ever again!
But that is just the start. If you are not actively using Git hooks in your workflows, then this talk is for you. Let's look into the .git folder and unlock a whole world of automation possibilities!

My hope with this session is to help everyone add some easy-to-implement automation to their workflows to prevent making more extreme, and costly, kind of mistakes."

### Publications:
https://blog.gitguardian.com/how-to-use-ggshield-to-avoid-hardcoded-secrets-cheat-sheet-included/

0 comments on commit 8d152fe

Please sign in to comment.