Detecting Hard-Coded Credentials in Software Repositories via LLMs - arxiv.org/pdf/2506.13090 Software developers frequently hard-code credentials such as passwords, generic secrets, private keys, and generic tokens in software repositories, even though it is strictly advised against due to the severe threat to the security of the software. These credentials create attack surfaces exploitable by a potential adversary to conduct malicious exploits such as backdoor attacks. Recent detection efforts utilize embedding models to vectorize textual credentials before passing them to classifiers for predictions. #HardcodedSecrets #CredentialLeak #LLMSecurity #CodeScanning #AIinSecurity #SoftwareSecurity #TokenDetection #BackdoorRisk #SecureCoding #SecretDetection #GPTSecurity #LLMDetection #CodeVulnerabilities #AIStaticAnalysis #CredentialHunting #RepoSecurity #DevSecOps #SecureDev #AI4Code #PLMSecurity

Hardcoded secrets in GitHub expose companies to major risks. Learn how to detect leaks and protect your code beyond the traditional security perimeter. - hackernoon.com/from-repos-to… #githubsecurityrisks #hardcodedsecrets

#GitHub announced it is making available its secret scanning service to all public repositories on their platform for free. This feature will be fully rolled out to all public repos in January 2023: #hardcodedsecrets #AppSec thehackernews.com/2022/12/gi…

So be careful with your code, #hardcodedsecrets are so lame, avoid the dangers of pushing secrets, or end up with all git blame! HEY!

Hey, you know my talk about "Stop Committing Your Secrets - Git Hooks To The Rescue" Wonder what can happen if you do commit secrets? THIS!!! blog.gitguardian.com/uber-br… #uberhack #uber #phishing #hardcodedsecrets

It's been more than 14 years since my previous #RCE in SmarterMail so it was almost the time: securitytracker.com/id/10130… (I can't even remember, so don't even ask!) - The new one is more fun though: #Deserialization #XSS #DirTraversal #HardCodedSecrets in #ASPNET :)