Protect your brand code repository from exposure


So, how safe and secure do you think your user credentials are in online code repositories? Organizations around the world are repeatedly crippled by this issue. Netenrich’s ASI augments your SOC with always-on attack surface analysis, so the team can keep an eye out for code repository exposures and prevent the leakage of business-critical information.

The actual scope of the problem

Researchers at North Carolina State University scanned billions of files on GitHub, the world’s largest online code repository, as part of an academic study. The researchers went through just 13% of GitHub’s public repositories, and this is what they found:

  • Over 100,000 code repositories exposed authentication secrets, such as cryptographic keys and API tokens.
  • There are a thousand more repositories leaking unique information every single day.

Looking deeper

Let’s gain more context to understand the true scope of the issue at hand. During the test, researchers revealed that some repositories belonged to large, prominent companies. These included:

  • A site used by millions of college applicants in the U.S.
  • Secret information about a major government agency in a Western European country.

How does Netenrich counter code repository exposure?

Netenrich’s proprietary ASI continually keeps an eye out for any brand mentions made in these code repositories. The moment the system gets a match, our analysts look into the matter and check whether the brand mention is associated with confidential information leaks or not. Recently, we discovered the API keys and related secret information for one of our clients on GitHub through our attack surface analysis. Our combination of industry-leading machine+human intel allows us to remediate critical issues with proper context.

CURIOUS?

Secure your organization with Attack Surface Intelligence (ASI).
