Sign In Start Free Trial
Account

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Crafting Secure Software
  • Table Of Contents Toc
Crafting Secure Software

Crafting Secure Software

By : Greg Bulmash, Thomas Segura
5 (1)
close
close
Crafting Secure Software

Crafting Secure Software

5 (1)
By: Greg Bulmash, Thomas Segura

Overview of this book

Drawing from GitGuardian's extensive experience in securing millions of lines of code for organizations worldwide, Crafting Secure Software takes you on an exhaustive journey through the complex world of software security and prepares you to face current and emerging security challenges confidently. Authored by security experts, this book provides unique insights into the software development lifecycle (SDLC) and delivers actionable advice to help you mitigate and prevent risks. From securing code-writing tools and secrets to ensuring the integrity of the source code and delivery pipelines, you’ll get a good grasp on the threat landscape, uncover best practices for protecting your software, and craft recommendations for future-proofing against upcoming security regulations and legislation. By the end of this book, you’ll have gained a clear vision of the improvements needed in your security posture, along with concrete steps to implement them, empowering you to make informed decisions and take decisive action in safeguarding your software assets.
Table of Contents (11 chapters)
close
close
1
Appendix: Glossary of Acronyms and Abbreviations: Index

Secrets in code

In this section, we’ll talk about secrets that end up in source code and why it’s a much bigger problem than some people think. In GitGuardian’s 2024 State of Secrets Sprawl report,1 we described how we found 12.8 million new incidents of secrets being committed to GitHub in plain text. We also found exposed secrets in the source code of third-party components from the Python Package Index (PyPI).

How do secrets end up in code?

In simple terms, adding secrets directly to the code or a plain-text file of environment variables is often seen as the quickest and least thought-intensive way to use them. Developers add the secret as a string value and then use it wherever needed. It might be in the code itself or it may be in a plain-text file of environment variables that gets read and used by the software. This then ends up in their commit history if they haven’...

CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Crafting Secure Software
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected

Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon