Factors Considered during Detection and Remediation of GitHub Leakages

The software development process is integrated into several different interactions with incremental development. Due to the incremental stages of development and changes made, the process is always exposed to more security threats as the process advances. 

Ensuring a secure and compliant workflow during the software development process is important. To prevent credentials leakage on GitHub and protect an organization from targeting hackers requires application security such as GitHub security and GitGuardian with the support of security professionals.

The majority of applications have known vulnerabilities, despite an increase in available tools to detect these secure software development does not get sufficient security and remediation from GitHub itself since it was developed for open-source projects and the security features were later improvements and part of an additional paid subscription. The service was developed for code review and distribution happens by default hence not advisable to be used on its own for effective security measures. For these reasons, companies require additional security offered by paid plans.

Monitoring and revoking of sensitive information by security teams involve consideration of various functional category features which help to realize the security of the client information. The security application ensures the safety of information by considering the following key factors.

Definition and monitoring of a client’s perimeter

Perimeter monitoring requires automated association of repositories, developers, and source code. To be able to focus on an organization’s interest while surpassing any noise in the public GitHub is important. Most leakages occur in developers personal  public repositories and some in the company’s repositories. Preventing organization leaks through developers’ repositories is key to prevent the distribution of sensitive information. Such leaks can happen mistakenly or intentionally and mostly due to:

  • A developer using both personal and professional GitHub accounts combined, hence mixing the repositories.
  • Human error in configuring git and push of wrong data.
  • Forgetting to remove the git history hence becomes visible to the public.
  • Companies having know authority to implement security requirements on personal accounts. 

Incident Detection

Leaked git secrets fall under two categories i.e. secrets and intellectual property eg source code. Such leaks require identification and investigation to determine what type of information is leaked. Secrets are considered as anything that compromises system access by unauthorized persons. It can be in form of breached passwords, private keys, API keys, usernames, and database connection strings. This information can be used by hackers to get access to messaging systems, databases, file-sharing systems, and payment systems, among others. intellectual-property information can also be leaked to the GitHub platform and can be traced similarly..

Precision of the detector is required in situations where false alerts are common. An answer’s precision is measurable enabling vendors to indicate whether it is a true alert or a false alert. Any alert should be backed up with evidence and a clear method of detection.

Additionally, apart from determining the degree of precision of an answer, it is important to recall specific answers to questions. This helps to quantify the specific amount of detected leakage. This prevents the process of having to go through the whole source code to detect sensitive information. It is also key to note that not all credentials are distinct and easy to find. Advanced pattern matching is therefore necessary for ambiguous pattern detections of leaked credentials. Finally, the keywords chosen should be clear and distinguishable such that they are specific to the clients or company for quick detection and identification of leaked information.

Alert

GitHub leaks are time-oriented and need immediate action, hence the need for real-time alerting. The more time of exposure the more the spread of the information to unwanted persons. Since it is difficult to determine the number of parties reached, it is advisable to invalidate the leaked credentials before they can be used against the company. Leakage alerts are important especially to developers to face them quickly. Developer leaks need quick actions since the information can be used to access more data and there is a probability the developer is still on their devices. The DevOps personnel are also allowed to inspect logs to determine the time and key used to hack. The threat response is also required to deal with the leakage.

Remediation

Revoking of leaked information requires solution integration from the chats or ticketing system to integrate the remediation workflow. The company may have a spread in different geographical locations, having a centralized dashboard is hence key for application security teams. Developers should always be included in the remediation process so that the code surrounding the leakage can be identified and invalidated.

Log and Analyse.

Depending on the logged data the following may be essential.

  • Post-incident analysis
  • Compliance demonstration to customers and auditors
  • Reporting to management
  • Progress of the solution

Every remediation is documented and what the solution has achieved made aware to everyone involved. Reproducible results and evidence are required throughout the remediation process.

 

Contributed by Umesh Kumar Keshri

Umesh is a Director of the strategy, PR consultant and Founder of B2B TIMES and B2B TRIBUNE. He has over 6 years’ experience in marketing at companies ranging in size from start-ups to a Fortune 50 company. He really enjoys writing about himself in the third person.

Comments are closed.