I’m sure you would agree that, in today’s digital world, the majority of applications we work on require some type of credentials – to connect to a database with a username/password, to access computer programs via authorized tokens, or API keys to invoke services for authentication.
Credentials, or sometimes just referred to as ‘Secrets,’ are pieces of user or system-level confidential information that ought to be carefully protected and accessible to legitimate users only. We all know how important it is to keep these assets secure to prevent account misuse and breaches.
A reality check: How often do you make proactive efforts to protect these assets? Rarely, I’d say.
Among the worst mistakes a developer can make when it comes to application security is to accidentally commit confidential information publicly on the Internet. Surprisingly, secrets and credentials are accidentally leaked more often than you might expect, and there are intelligent tools that scan public repositories in search of committed secrets.
With the mission of empowering developers to take control of their own code integrity, SonarLint, a free and open source IDE extension from SonarSource, recently…