Nikolai Khechumov

Senior Security Engineer, Avito

About the speaker

Nikolai is passionate about the essence of information and its security in any manifestation: from RE of microcontrollers, ham radio games, and ClientHello, to legal issues, standards, and raw methodologies.

Nikolai has spent the last 5+ years building an AppSec platform for Avito on all stages of SDLC. His other engagements include giving engineering lectures and playing a leading role in the Security Champions community.

August 25

15:00–16:00

Using tokens for secrets search or imitating SAST

AppSec.Zone

Russian

Finding secrets in a codebase is an essential stage of any mature SDLC. This report is about Avito’s approach to finding secrets in their codebase and docker images. The speaker will talk in depth about the process in the context of SDLC, why the current open source does not cover all needs, and most importantly, about interesting tricks that had solved many of the problems with search accuracy.

Presentation