Fixing Hardcoded Secrets the Developer-Friendly Way


The practice of hard-coding secrets like passwords, tokens, and API keys is skyrocketing as applications increasingly leverage dependencies that require integration and Infrastructure-as-Code that must authenticate services. Yet, hardcoded secrets have been at the heart of numerous security incidents because they expose access to valuable resources and enable attackers to rapidly “peel the onion.” Furthermore, secrets undermine the segregation of duties within organizations, which is key to many compliance standards such as SOC 2 Type II, ISO 27001, PCI, and more.
Yet, we must remember that developers have reasons to hardcode secrets. Not only is hard-coding secrets an efficient way to authenticate but most developers lack alternatives. The question we must ask is how do we balance security with developer efficiency? 

This webinar covers:

  • Introduction to hardcoded secrets (History, risks & breaches)
  • Detecting secrets (What to look for and where) 
  • Developer-Friendly operationalization
  • Demo

Presented by:

Ronen Slavin
Co-Founder and CTO
Andrew Fife
VP of Marketing