Enable javascript in your browser for better experience. Need to know to enable it? Go here.
Menú
Cerrar
Herramientas Back
La información en esta página no se encuentra completamente disponible en tu idioma de preferencia. Muy pronto esperamos tenerla completamente disponible en otros idiomas. Para obtener información en tu idioma de preferencia, por favor descarga el PDF aquí.
Última actualización : Apr 05, 2016
NO EN LA EDICIÓN ACTUAL
Este blip no está en la edición actual del Radar. Si ha aparecido en una de las últimas ediciones, es probable que siga siendo relevante. Si es más antiguo, es posible que ya no sea relevante y que nuestra valoración sea diferente hoy en día. Desgraciadamente, no tenemos el ancho de banda necesario para revisar continuamente los anuncios de ediciones anteriores del Radar. Entender más
Apr 2016
Assess ? Vale la pena explorarlo con el objetivo de entender cómo afectará a tu empresa.

Attackers continue to use automated software to crawl public GitHub repositories to find AWS credentials and spin up EC2 instances to mine Bitcoins or for other nefarious purposes. Although adoption of tools like git-crypt and Blackbox to safely store secrets such as passwords and access tokens in code repositories is increasing, it is still all too common that secrets are stored unprotected. It is also not uncommon to see project secrets accidentally checked in to developers' personal repositories. Gitrob can help minimize the damage of exposing secrets. It scans an organization's GitHub repositories, flagging all files that might contain sensitive information that shouldn't have been pushed to the repository. The current release of the tool has some limitations: It can only be used to scan public GitHub organizations and their members, it doesn't inspect the contents of files, it doesn't review the entire commit history, and it fully scans all repositories each time it is run. Despite these limitations, it can be a helpful reactive tool to help alert teams before it is too late. It should be considered a complementary approach to a proactive tool such as Talisman.

Nov 2015
Trial ? Vale la pena intentarlo. Es importante entender cómo construir esta habilidad. Las empresas deberían implementar esta tecnología en un proyecto que pueda manejar el riesgo.

Safely storing secrets such as passwords and access tokens in code repositories is now supported by a growing number of tools - for example, git-crypt and Blackbox, which we mentioned in the previous Technology Radar. Despite the availability of these tools, it is still, unfortunately, all too common that secrets are stored unprotected. In fact, it is so common that automated exploit software is used to find AWS credentials and spin up EC2 instances to mine Bitcoins, leaving the attacker with the Bitcoins and the account owner with the bill. Gitrob takes a similar approach and scans an organization’s GitHub repositories, flagging all files that might contain sensitive information that shouldn’t have been pushed to the repository. This is obviously a reactive approach. Gitrob can only alert teams when it is (almost) too late. For this reason, Gitrob can only ever be a complementary tool, to minimize damage.

Publicado : Nov 10, 2015

Descarga el PDF

 

 

 

English | Español | Português | 中文

Suscríbete al boletín informativo de Technology Radar

 

 

 

 

Suscríbete ahora

Visita nuestro archivo para leer los volúmenes anteriores

Ir al archivo