August 25
15:00–16:00
Using tokens for secrets search or imitating SAST
AppSec.Zone
Russian
Finding secrets in a codebase is an essential stage of any mature SDLC. This report covers Avito’s approach to finding secrets in their codebase and Docker images. The speaker will talk in depth about the process in the context of the SDLC, why current open-source tools do not cover all needs, and, most importantly, about interesting tricks that solved many of the problems with search accuracy.