GitGuardian

🌟 We’re proud to share a recent 5-star review on Gartner Peer Insights for GitGuardian! Here’s what one of our valued users had to say: "GitGuardian has truly transformed the way we handle code security within our development teams. It addresses one of the most pressing issues in software development today: the accidental exposure of sensitive information like API Keys, Tokens and Credentials. The platform's real-time secret detection has become an essential part of our security strategy, helping us avoid costly breaches." Verified user review by Gartner: https://lnkd.in/e7bVsHqc

In the latest episode of the Security Repo Podcast, we sit down with José Martinez to discuss: - His journey from retail to senior analyst in #cybersecurity - How hacking helped him navigate the U.S. immigration system (DACA) - Lessons from the #BlueTeamCon talk on real-world hacking - The importance of non-traditional paths in tech careers 🎧 Tune in now for a thought-provoking episode: https://lnkd.in/es_MY74A #Cybersecurity #DACA #InfoSec #TechCareers"

✨ AI Summit Vancouver 2024 highlighted the balance between AI’s rapid advances and the need for responsibility in its deployment. Here's a look at key insights from this year's discussions: - Morten Rand-Hendriksen opened with AI ethics, stressing the importance of aligning AI with human values rather than chasing competitors blindly. - Nicholas Muy shared AI-native threat modeling, urging us to focus on understanding and securing every step of AI pipelines. - Google’s Jason Mayes showed how browser-based AI can reduce latency and boost privacy by keeping data local. - OWASP's Talesh Seeparsan warned of AI's potential to aid malicious actors, unveiling key issues like prompt injection and model theft in the new OWASP Top 10 for AI. This was a powerful start to Vancouver's first AI summit, focusing on both the transformative potential and the risks of AI. 🌍 https://lnkd.in/enAQEKbp #AISummit #EthicalAI #AIsecurity #OWASP #TechInnovation

Our security engineer Kayssar shares his thoughts on the last blog about the security culture by C.J. May Read the full article https://lnkd.in/eJTKngsg

🥱 Alert fatigue slowing down your team? GitGuardian’s custom hosts for validity checks let you verify secrets directly from self-hosted tools like your onprem GitLab or Jira Data Center, so you can focus on what matters most. 🎯 Prioritize real threats: Detect active secrets, skip distractions from expired ones. ⚙️ Adapt to complex setups: Configure multiple custom hosts per detector. 😌 Easy setup: No technical expertise required. GitGuardian helps security teams cut through noise andtackle confirmed threats head-on. Learn more: https://lnkd.in/eJX2ASbK

Did you already hear about the recently discovered global operation, EMERALDWHALE, targeting exposed Git configurations? It resulted in more than 15,000 cloud service credentials stolen! 📝TLDR: The attackers were grabbing credentials from .git/config by scraping websites, going after AWS secrets if they found valid VCS credentials. Exposed Git configuration files and the credentials they contain offer access to private repositories that normally would be difficult to access. In a private repository, developers may be more prone to include secrets because it offers a false sense of security. This attack shows that secret management alone is not enough to secure an environment. There are just too many places credentials could leak from! https://lnkd.in/dKx8BZdC

SecureWV 2024 brought cybersecurity professionals together for a memorable cryptid-themed conference in West Virginia! Here’s what made this event both informative and unique: - Collaborative Security: Matt Scheurer emphasized the value of “people in depth” over “defense in depth,” underscoring the importance of connecting with teams before incidents happen. - Threat Modeling as Strategy: Hudson Bush encouraged a shift from hypothetical fears to practical threat mapping, moving away from "fever dream" attack scenarios. - Human Element in Security: Erich Kron reminded us that people are still the primary line of defense, advocating for a proactive approach to testing and teamwork. - Fun Meets Function: With a theme of Bigfoot and Mothman, attendees were reminded that facing cybersecurity challenges together makes the journey far less scary. Kudos to all at #SecureWV2024 for making security education both effective and engaging! https://lnkd.in/eQm22Kdt

"🔐 Is your phone call actually from your bank? Per Thorsheim, founder of PasswordCon, breaks down the STIR/SHAKEN protocol—a tech designed to verify phone numbers & stop spoofing. In this episode, we dive into: - How #STIRSHAKEN works and why it's critical for secure calls - The evolution of password security and best practices - Pål's journey from pentesting to running PasswordsCon Tune in to hear how these innovations are shaping #Cybersecurity! 🎧 https://lnkd.in/gnihErqh #PasswordSecurity #PhoneFraud #InfoSec

🕷️ Halloween horrors aren’t just for haunted houses—leaked secrets can linger in your code, too! This GitGuardian article exposes: - Doomed keys hidden in Docker layers - Cursed git add . commands that reveal sensitive data - Invisible secrets haunting commit metadata Don’t let secrets come back to haunt you! Explore detection tactics to stay secure: https://lnkd.in/eHNZDriv #AppSec #Cybersecurity #ScarySecrets

🥁 We have some exciting news to share! We’ve been named to the 2025 #Cyber60 List, presented by Fortune and Lightspeed. We’re proud to be recognized alongside so many companies reshaping the future of cybersecurity. Huge thanks to our team for all the hard work and innovation that got us here 💥 Check out the full list here: https://lnkd.in/gdAHwEi6