Explore an in-depth conference talk from HITB 2024 Bangkok that delves into large-scale secret scanning research across open-source assets. Learn about the critical findings from scanning over 2 million npm packages, 60,000 WordPress plugins, and Ruby gems for exposed secrets such as private API keys from 33 different providers, including AWS and Google. Discover the implications of supply chain security vulnerabilities following incidents like Log4j, and gain practical insights into preventing such exposures through CI/CD pipeline automation. Presented by Danish Tariq, a seasoned Security Engineer with 8+ years of experience and notable contributions to bug bounty programs for Microsoft, Apple, Nokia, and others, whose achievements include speaking at Black Hat MEA 2022 and multiple CVE discoveries.