AIにより推定されたラベル
※ こちらのラベルはAIによって自動的に追加されました。そのため、正確でないことがあります。
詳細は文献データベースについてをご覧ください。
Abstract
Leaked secrets, such as passwords and API keys, in codebases were responsible for numerous security breaches. Existing heuristic techniques, such as pattern matching, entropy analysis, and machine learning, exist to detect and alert developers of such leaks. Heuristics, however, naturally exhibit false positives, which require triaging and can lead to developer frustration. We propose to use known production secrets as a source of ground truth for sniffing secret leaks in codebases. We develop techniques for using known secrets to sniff whole codebases and continuously sniff differential code revisions. We uncover different performance and security needs when sniffing for known secrets in these two situations in an industrial environment.