Overview
Explore the critical issue of credential leakage in mobile applications and source code repositories. Dive into research findings revealing that nearly 50% of 50,000 analyzed Android apps on the Play Store contained plaintext credentials. Examine the most common types of secrets found, their locations within applications, and the affected industries. Investigate GitGuardian's annual scan of over 1 billion GitHub commits, which uncovered 10 million publicly leaked credentials in 2023. Analyze the connection between leaked secrets in public code repositories and compiled mobile applications. Learn how to identify secret leakage patterns and implement best practices to secure sensitive information like API keys, security certificates, and other credentials in your mobile development process.
Syllabus
PW - Are your secrets safe - How mobile applications are leaking millions of credentials
Taught by
BSidesLV