Cloud Security Podcast

Have I lost my Secrets?

Nov 6, 2023

Ziad Ghalleb, Founder of GitGuardian, talks about their free tool 'HasMySecretLeaked' to check if your secret was exposed on GitHub. They discuss the perception of secrets and security among developers, the importance of addressing leaked secrets, and the need to avoid repeating mistakes. The podcast also explores challenges with shadow code and personal emails on GitHub and highlights resources for increasing awareness and ensuring secret security.

29:00

Creator website

Episode guests

Ziad Ghalleb

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Expand secret management programs beyond AWS and consider the range of services and platforms in use.

Utilize the Has My Secret Leaked tool by GitGuardian to check if secrets have been exposed on GitHub.

Deep dives

The Importance of Secret Management Programs

In this podcast episode, the speaker highlights the significance of secret management programs, particularly in relation to cloud-based environments. They emphasize the need to expand existing secret management programs beyond just AWS secrets and consider the range of services and platforms in use. The speaker suggests that a discovery phase is essential to identify the architecture and types of services utilized. They stress the importance of going back to first principles and threat modeling to ensure comprehensive coverage. By focusing on observability, continuous monitoring, and an outcome-based approach, organizations can aim for minimal secret leaks and a zero-heartcoded secrets policy.

Introduction

5min

Secrets, Security, and Leaks

15min

Avoiding the Repetition of Mistakes

4min

Shadow Code, Personal Emails, and Secret Management on GitHub

2min

Building commands for accessing and managing secrets

3min

You know that feeling when you are unsure if you AWS secret that leaked is still available for use. There is no easy way to check this apart from looking in AWS to see if anyone used it. Turns out there could be another way.We have Ziad Ghalleb from GitGuardian to share free tool they released to help people look up if their secret was exposed on Github

Thank you to our episode sponsors GitGuardian and Sysdig

Guest Socials: Ziad's Linkedin (@ghallebziad)

Podcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp⁠ Questions asked: (00:00) Introduction

(04:53) A bit about Ziad

(05:47) What are secrets?

(07:37) Has my secret leaked

(08:46) How would users know?

(10:31) Whats the risk?

(15:43) What do orgs do for secrets?

(18:01) Keeping tab on your secrets

(20:33) Secrets management maturity

(22:43) Scaling Secrets management program

(25:20) Where to learn more ?

Resources spoken about during the episode

hasmysecretleaked

Secrets Detection Learning Center

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Cloud Security Podcast

Have I lost my Secrets?

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

The Importance of Secret Management Programs

Understanding Secrets and Categories

Has My Secret Leaked: A Forensic Tool

The Maturity of Secret Management

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights

Cloud Security Podcast

Have I lost my Secrets?

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

The Importance of Secret Management Programs

Understanding Secrets and Categories

Has My Secret Leaked: A Forensic Tool

The Maturity of Secret Management

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights