Repository Scanner: Detecting Hard-coded Credentials in your Code


Details
Storing credentials in source code can have serious consequences. In a recent example, MSI source code obtained by attackers led to the exposure of Intel OEM private keys.
Protecting your organization from credential theft by scanning its source code for hard-coded credentials is a hot topic in 2023.
With RESC (REpository SCanner), ABN Amro has released an open-source tool (MIT licensed) consisting of a few easy-to-deploy Docker images that together form a complete setup for secret detection and triage.
With support for GitHub, Azure DevOps, and Bitbucket, RESC covers most of the version control systems in common use.
Join this talk to learn more about the reasoning behind creating RESC, why we open-sourced it, and how RESC helps in addressing issues with hard-coded credentials in source code at scale.
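To make the detection problem concrete, here is an added example (not RESC's own code, and not from the speakers) of the two ingredients most repository scanners combine: fixed-format rules for credentials with a known shape, and a generic "name = 'value'" rule gated by Shannon entropy so that placeholders such as "changeme" or "${VAULT_API_TOKEN}" are not reported. It also shows the triage side: each finding gets a fingerprint so a reviewed false positive can be allow-listed without storing the secret. The rule set, thresholds, and the sample file are constructed for this example; the AWS key ID in it is the one AWS uses in its own documentation.

```python
"""Minimal hard-coded-credential scanner: pattern rules plus Shannon entropy.

Added example, not RESC's own code. The rules, thresholds and sample file
below are constructed for illustration.
"""
import hashlib
import math
import re
from dataclasses import dataclass

# Rule table: (name, compiled regex, entropy threshold in bits per char, or None).
# Fixed-format credentials (AWS key IDs, PEM headers) are flagged on pattern alone;
# the generic assignment rule needs an entropy gate to suppress placeholders.
RULES = [
    ("aws-access-key-id", re.compile(r"\bAKIA[0-9A-Z]{16}\b"), None),
    ("private-key-block",
     re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----"), None),
    ("generic-credential-assignment",
     re.compile(r"""(?i)(?:password|passwd|secret|api[_-]?key|token)\b\s*[:=]\s*['"]([^'"]{8,})['"]"""),
     3.5),
]
# Values that are obviously templated rather than real secrets.
PLACEHOLDER = re.compile(r"^(?:\$\{.*\}|<.*>|\{\{.*\}\})$")


@dataclass
class Finding:
    path: str
    line_no: int
    rule: str
    entropy: float
    fingerprint: str
    redacted: str


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for the empty string)."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def fingerprint(path: str, rule: str, secret: str) -> str:
    """Stable ID for a finding, so a triaged false positive can be allow-listed
    without the allowlist itself containing the secret."""
    return hashlib.sha256(f"{path}\0{rule}\0{secret}".encode()).hexdigest()[:16]


def redact(secret: str) -> str:
    """Keep a short prefix for recognisability, mask the rest in reports."""
    return secret[:4] + "*" * max(len(secret) - 4, 0)


def scan_text(path: str, text: str, allowlist: frozenset = frozenset()) -> list:
    """Run every rule over every line; return Finding objects not in the allowlist."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for name, pattern, threshold in RULES:
            for m in pattern.finditer(line):
                secret = m.group(1) if m.groups() else m.group(0)
                if PLACEHOLDER.match(secret):
                    continue
                ent = shannon_entropy(secret)
                if threshold is not None and ent < threshold:
                    continue
                fp = fingerprint(path, name, secret)
                if fp in allowlist:
                    continue
                findings.append(Finding(path, line_no, name, round(ent, 2), fp, redact(secret)))
    return findings


# Constructed sample file, not taken from any real repository.
SAMPLE = """\
import os
DB_PASSWORD = "changeme"                       # low-entropy placeholder: ignored
API_TOKEN = "${VAULT_API_TOKEN}"               # templated value: ignored
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"     # AWS documentation example ID: flagged by format
STRIPE_SECRET = "Xq7#Lm2$Pz9!Rt4%Wb8&"          # high-entropy literal: flagged
-----BEGIN RSA PRIVATE KEY-----
"""

if __name__ == "__main__":
    for f in scan_text("config.py", SAMPLE):
        print(f"{f.path}:{f.line_no} {f.rule} entropy={f.entropy} "
              f"id={f.fingerprint} value={f.redacted}")
```

Run as-is it reports three findings (the AWS key ID, the high-entropy secret, and the PEM header) and skips the two placeholders. Passing a finding's fingerprint in `allowlist` is the triage step: the next scan of the same path stays quiet for that one value only, while a changed secret on the same line produces a new fingerprint and is reported again.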
The talk is presented by Peter van der Spek and Ingmar Vis.
Ingmar is a Product Owner with a technical background who has worked in secure coding for 4 years and in CI/CD for 8 years. Ingmar helps make ABN Amro's application security a little safer every day.
Peter is a software engineer and cyber security consultant who has worked in secure coding for about 3.5 years and has 10 years of experience as a software engineer. Peter enjoys simplifying things to their essence, so that deliverables become tangible.
Schedule:
18:00 - 19:00 Pizza & Drinks
19:00 - 20:00 Talk
20:00 - 21:00 Drinks
