Thursday 15 January 2015

Gitrob - "This New Tool Crawls GitHub for Sensitive Data"


A new tool has appeared for developers and organizations that work with GitHub, which makes it possible to search the platform for sensitive data. GitHub is a popular online platform for software developers on which code and files can be shared.

Developers can also work on projects together over the platform. Many companies and projects use GitHub to host both internal and public projects. Sometimes employees publish things that should not actually be published. This concerns sensitive data, or material with which a system can be compromised immediately. "This can happen by accident or because the employee does not realize the sensitivity of the information," said Michael Henriksen.


So it still happens regularly that developers publish things such as private keys and credentials. Henriksen therefore developed Gitrob, which enables organizations and security professionals to find this kind of sensitive data. The tool collects all the public repositories of the organization, as well as all of its employees and their public repositories. Then all available files are collected and analyzed to see if they match patterns for sensitive files.
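The pattern-matching step described above, as an added example that is not Gitrob's own code: it screens a file listing from a checkout you own against filename rules. The rule set, the `Rule` structure, the function names and the sample paths are all assumptions constructed for illustration.

```ruby
# Added example: screen a repository file listing for sensitive-looking names.
# RULES is an illustrative assumption, not Gitrob's signature set.
Rule = Struct.new(:part, :type, :pattern, :caption)

RULES = [
  Rule.new(:extension, :match, "pem", "Possible private key or certificate"),
  Rule.new(:filename, :regex, /\A.*_(rsa|dsa|ed25519|ecdsa)\z/, "Private SSH key"),
  Rule.new(:filename, :match, ".htpasswd", "Apache htpasswd file"),
  Rule.new(:filename, :regex, /\A\.?(bash_|zsh_)?history\z/, "Shell history file"),
  Rule.new(:path, :regex, %r{(\A|/)\.aws/credentials\z}, "AWS credentials file"),
  Rule.new(:filename, :regex, /\A\.env(\..+)?\z/, "Environment file"),
].freeze

# Extract the part of the path that a rule inspects.
def part_of(path, part)
  case part
  when :path then path
  when :filename then File.basename(path)
  when :extension then File.extname(path).delete_prefix(".").downcase
  end
end

# Return one finding per (path, matching rule) pair, in input order.
def findings(paths)
  paths.flat_map do |path|
    RULES.select do |rule|
      value = part_of(path, rule.part)
      rule.type == :match ? value == rule.pattern : rule.pattern.match?(value)
    end.map { |rule| { path: path, caption: rule.caption } }
  end
end

# Constructed sample listing; public keys and ordinary source files must not match.
SAMPLE_PATHS = [
  "README.md",
  "deploy/server.pem",
  "home/.ssh/id_rsa",
  "home/.ssh/id_rsa.pub",
  "ops/.aws/credentials",
  "app/.env.production",
  "src/history.rb",
].freeze

findings(SAMPLE_PATHS).each { |f| puts "#{f[:path]}: #{f[:caption]}" }
```

Matching on names alone only flags candidates for review; a flagged file still has to be opened to confirm it holds a secret, and any credential that was published should be rotated.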

Henriksen works for SoundCloud and had to develop a system that monitors GitHub for sensitive files. He notes that organizations can use his tool to check whether any sensitive files are exposed. In addition, penetration testers and more "offensive" security professionals can use the tool to collect information about a potential target.
