Advancedsecurity
Secrets in the Open
A security researcher just DMed your company Twitter: 'Hey, your production AWS keys and Stripe API keys are in a public GitHub repo. You might want to fix that.' Your stomach drops. The clock is ticking — every second those keys are exposed is a second an attacker could use them.
INCOMING INCIDENT
$ incident --describe secrets-in-the-open
A security researcher just DMed your company Twitter: 'Hey, your production AWS keys and Stripe API keys are in a public GitHub repo. You might want to fix that.' Your stomach drops. The clock is ticking — every second those keys are exposed is a second an attacker could use them.
5
Decision Points
60s
Per Step
600
Max Score
400
Passing Score