Explore a conference talk from BSidesSF 2023 that delves into Segment's proactive approach to protecting customer API keys. Learn about the often-overlooked security risks associated with API keys, including the thousands of secrets leaked daily on GitHub. Discover how these leaked keys can potentially perform the same actions as authorized users, posing significant threats to organizational security. Gain insights into Segment's innovative strategies for safeguarding user API keys, moving beyond traditional security measures like app hardening, suspicious session tracking, and phishing investigation. This 26-minute presentation by Sal Olivares offers valuable knowledge for security professionals looking to enhance their API key protection protocols and mitigate associated risks.
Overview
Syllabus
BSidesSF 2023 - How Segment proactively protects customer’s API keys (Sal Olivares)
Taught by
Security BSides San Francisco
Related Courses
-
Exposed Secrets - How Public Git Repositories and Docker Images Expose Millions of Secrets Like API Keys and Security Certificates Every Year
-
Reducing Mixtape to Master Key Scenarios - How to Block the Dark Army from Mayhem Using API-Driven Access Control
-
How to Hide Your API Keys Safely When Using React
-
An Overview of API Underprotection
-
TruffleHog Chrome Extension - Open CORS in SAAS API's Lead to Leaky Keys
-
The GCP Metadata API - Security Considerations, Vulnerabilities, and Remediations
