Labels Predicted by AI
Please note that these labels were automatically added by AI. Therefore, they may not be entirely accurate.
For more details, please see the About the Literature Database page.
Abstract
Leaked secrets, such as passwords and API keys, in codebases were responsible for numerous security breaches. Existing heuristic techniques, such as pattern matching, entropy analysis, and machine learning, exist to detect and alert developers of such leaks. Heuristics, however, naturally exhibit false positives, which require triaging and can lead to developer frustration. We propose to use known production secrets as a source of ground truth for sniffing secret leaks in codebases. We develop techniques for using known secrets to sniff whole codebases and continuously sniff differential code revisions. We uncover different performance and security needs when sniffing for known secrets in these two situations in an industrial environment.