硬编码凭证的噩梦

Network Security Pub Date : 2023-02-01 DOI:10.12968/s1353-4858(23)70010-x

Thomas Segura

{"title":"硬编码凭证的噩梦","authors":"Thomas Segura","doi":"10.12968/s1353-4858(23)70010-x","DOIUrl":null,"url":null,"abstract":"With increasing threats from cybercrime and state-sponsored actors around the world, companies need to focus their defence resources on elements that can most cost-effectively reduce their security debt and advance their DevSecOps maturity. Detecting hard-coded secrets in source code is a preventive tactic that greatly increases the cost to the attacker by removing the low-hanging fruits first. But this requires a strategic approach to preserve application security teams’ operational capacity.","PeriodicalId":100949,"journal":{"name":"Network Security","volume":"216 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2023-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"The nightmare of hard-coded credentials\",\"authors\":\"Thomas Segura\",\"doi\":\"10.12968/s1353-4858(23)70010-x\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"With increasing threats from cybercrime and state-sponsored actors around the world, companies need to focus their defence resources on elements that can most cost-effectively reduce their security debt and advance their DevSecOps maturity. Detecting hard-coded secrets in source code is a preventive tactic that greatly increases the cost to the attacker by removing the low-hanging fruits first. But this requires a strategic approach to preserve application security teams’ operational capacity.\",\"PeriodicalId\":100949,\"journal\":{\"name\":\"Network Security\",\"volume\":\"216 1\",\"pages\":\"\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-02-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Network Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.12968/s1353-4858(23)70010-x\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Network Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.12968/s1353-4858(23)70010-x","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

摘要

随着世界各地网络犯罪和国家支持的行为者的威胁日益增加，企业需要将其防御资源集中在最具成本效益的元素上，以减少其安全债务，并提高其DevSecOps成熟度。检测源代码中的硬编码秘密是一种预防性策略，通过先移除容易得到的秘密，大大增加了攻击者的代价。但是这需要一种战略方法来保持应用程序安全团队的操作能力。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

The nightmare of hard-coded credentials

With increasing threats from cybercrime and state-sponsored actors around the world, companies need to focus their defence resources on elements that can most cost-effectively reduce their security debt and advance their DevSecOps maturity. Detecting hard-coded secrets in source code is a preventive tactic that greatly increases the cost to the attacker by removing the low-hanging fruits first. But this requires a strategic approach to preserve application security teams’ operational capacity.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Network Security

自引率

0.00%

发文量

期刊最新文献

Cyber threats and key mitigation strategies Enhancing network resilience against growing cyberthreats The burden of keeping passwords secret Is new legislation the answer to curbing cybercrime? Interconnection, NIS2 and the mobile device