Don't leak your keys: Understanding, measuring, and exploiting the appsecret leaks in mini-programs

Y Zhang, Y Yang, Z Lin - Proceedings of the 2023 ACM SIGSAC …, 2023 - dl.acm.org
Mobile mini-programs in WeChat have gained significant popularity since their debut in
2017, reaching a scale similar to that of Android apps in the Play Store. Like Google …

Decoding developer password patterns: A comparative analysis of password extraction and selection practices

N Lykousas, C Patsakis - Computers & Security, 2024 - Elsevier
Passwords play a crucial role in authentication, ensuring that only authorised entities can
access sensitive information. However, user password choices are often weak and …

Tales from the Git: Automating the detection of secrets on code and assessing developers' passwords choices

N Lykousas, C Patsakis - 2023 IEEE European Symposium on …, 2023 - ieeexplore.ieee.org
Typical users are known to use and reuse weak passwords. Yet, as cybersecurity concerns
continue to rise, understanding the password practices of software developers becomes …

A Comparative Study of Software Secrets Reporting by Secret Detection Tools

SK Basak, J Cox, B Reaves… - 2023 ACM/IEEE …, 2023 - ieeexplore.ieee.org
Background: According to GitGuardian's monitoring of public GitHub repositories, secrets
sprawl continued accelerating in 2022 by 67% compared to 2021, exposing over 10 million …

Armored Core of PKI: Remove Signing Keys for CA via Physically Unclonable Function

X Zhang, C Chen, K Qin, C Zhang, S Qu… - arXiv preprint arXiv …, 2024 - arxiv.org
The protection of CA's signing keys is one of the most crucial security concerns in PKI.
However, these keys can still be exposed today by human errors or various carefully …

AssetHarvester: A Static Analysis Tool for Detecting Assets Protected by Secrets in Software Artifacts

SK Basak, KV English, K Ogura, V Kambara… - arXiv preprint arXiv …, 2024 - arxiv.org
GitGuardian monitored secrets exposure in public GitHub repositories and reported
developers leaked over 12 million secrets (database and other credentials) in 2023 …