{"title":"硬编码凭证的噩梦","authors":"Thomas Segura","doi":"10.12968/s1353-4858(23)70010-x","DOIUrl":null,"url":null,"abstract":"With increasing threats from cybercrime and state-sponsored actors around the world, companies need to focus their defence resources on elements that can most cost-effectively reduce their security debt and advance their DevSecOps maturity. Detecting hard-coded secrets in source code is a preventive tactic that greatly increases the cost to the attacker by removing the low-hanging fruits first. But this requires a strategic approach to preserve application security teams’ operational capacity.","PeriodicalId":100949,"journal":{"name":"Network Security","volume":"216 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2023-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"The nightmare of hard-coded credentials\",\"authors\":\"Thomas Segura\",\"doi\":\"10.12968/s1353-4858(23)70010-x\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"With increasing threats from cybercrime and state-sponsored actors around the world, companies need to focus their defence resources on elements that can most cost-effectively reduce their security debt and advance their DevSecOps maturity. Detecting hard-coded secrets in source code is a preventive tactic that greatly increases the cost to the attacker by removing the low-hanging fruits first. But this requires a strategic approach to preserve application security teams’ operational capacity.\",\"PeriodicalId\":100949,\"journal\":{\"name\":\"Network Security\",\"volume\":\"216 1\",\"pages\":\"\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-02-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Network Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.12968/s1353-4858(23)70010-x\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Network Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.12968/s1353-4858(23)70010-x","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
With increasing threats from cybercrime and state-sponsored actors around the world, companies need to focus their defence resources on elements that can most cost-effectively reduce their security debt and advance their DevSecOps maturity. Detecting hard-coded secrets in source code is a preventive tactic that greatly increases the cost to the attacker by removing the low-hanging fruits first. But this requires a strategic approach to preserve application security teams’ operational capacity.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
