Категории

2 million .git directories exposed! Why .git folders are sensitive & how they are leaked publicly

Опубликовано: 21 Ноябрь 2022
на канале: GitGuardian
1,959
61

In this video, we look through research by CyberNews and other independent researchers that exposes the huge problem of publicly accessible .git directories hosted on web servers. These folders contain all the metadata from a git repository including all the history, commit data and remote host information. These can contain lots of sensitive information that hackers can use to exploit your website and are often very sensitive.
We look in detail at what .git directories are, what sensitive information they contain and how they become accidentally public.

Links:
CyberNews research - https://cybernews.com/security/millio...
SDCat Research -   / sdcat  
Indian gov breach - https://blog.gitguardian.com/indian-g...

Tools
GGShield, detect secrets in git - https://github.com/GitGuardian/ggshield
Amass, In-depth Attack Surface Mapping and Asset Discovery https://github.com/OWASP/Amass
DirSearch, Web path scanner - https://github.com/maurosoria/dirsearch
GitJacker - https://github.com/liamg/gitjacker

Intro 0:00
What are .git directories 0:44
Why are .git directories sensitive 0:37
How are .git folders get exposed 4:30

play_arrow
1,354
2

BIGO HOT Goyang mantepp

BIGO HOT Goyang mantepp
play_arrow
693
19

Суровая Россия r12 работа с техникой 7

Суровая Россия r12 работа с техникой 7
play_arrow
274
2

Azure Availability Sets Tutorial | How to create VM's in Availability set | Azure Availability Zones

Azure Availability Sets Tutorial | How to create VM's in Availability set | Azure Availability Zones
play_arrow
175,851
1.6 тыс

Lenas Life Part 1 (Vore Animation)

Lenas Life Part 1 (Vore Animation)
play_arrow
6,156
75

COSTCO в Торонто ЦЕНЫ НА ПРОДУКТЫ | Оптовый магазин обзор | Жизнь в Канаде

COSTCO в Торонто ЦЕНЫ НА ПРОДУКТЫ | Оптовый магазин обзор | Жизнь в Канаде
play_arrow
70,996
557

ВВС: История математики | Часть 4 За пределы бесконечности

ВВС: История математики | Часть 4 За пределы бесконечности
play_arrow
65
6

Sumber sumber Konflik dalam keluarga

Sumber sumber Konflik dalam keluarga
play_arrow
1,283
18

Anakin vs. Obi-Wan (Mashup)

Anakin vs. Obi-Wan (Mashup)
Похожие видео
play_arrow
Install ggshield On macOS Using Signed .pkg Files

Install ggshield On macOS Using Signed .pkg Files
play_arrow
Detect Secrets In Microsoft Teams With GitGuardian

Detect Secrets In Microsoft Teams With GitGuardian
play_arrow
Designing Secure and Private Software by Default with Chris Romeo from devici

Designing Secure and Private Software by Default with Chris Romeo from devici
play_arrow
How Bouygues Telecom reduced their secrets by 60%

How Bouygues Telecom reduced their secrets by 60%
play_arrow
Delivering Security on Your Terms: An Intro to Self-Hosted

Delivering Security on Your Terms: An Intro to Self-Hosted
play_arrow
Find And Remediate Secrets In Confluence Cloud With GitGuardian

Find And Remediate Secrets In Confluence Cloud With GitGuardian
play_arrow
Introducing GitGuardian's Remediation Location & Tracking

Introducing GitGuardian's Remediation Location & Tracking
play_arrow
Secrets in Plain Sight: Unveiling over 1 million secrets on public websites

Secrets in Plain Sight: Unveiling over 1 million secrets on public websites
play_arrow
How to augment DevSecOps with AI?

How to augment DevSecOps with AI?
play_arrow
Unlock Use Cases for Successful Secrets Security

Unlock Use Cases for Successful Secrets Security
play_arrow
Extending Snyk's Power Holistic Security with New GitGuardian Integration

Extending Snyk's Power Holistic Security with New GitGuardian Integration
play_arrow
How to build a better security and developer relationship?

How to build a better security and developer relationship?
play_arrow
Thousands of Secrets Leaked... Now How to Remediate?

Thousands of Secrets Leaked... Now How to Remediate?
play_arrow
Defend Against Open Source Supply Chains Risks

Defend Against Open Source Supply Chains Risks
play_arrow
Address Security Issues Before They Hit Production with Docker Scout

Address Security Issues Before They Hit Production with Docker Scout
play_arrow
Secure Your Software Delivery Pipeline

Secure Your Software Delivery Pipeline
play_arrow
How Bazaarvoice revoked 75% of exposed secrets within 3 months

How Bazaarvoice revoked 75% of exposed secrets within 3 months
play_arrow
How GitGuardian Enhanced Vermeer's Software Development Security

How GitGuardian Enhanced Vermeer's Software Development Security
play_arrow
How GitGuardian Provides Peace of Mind for Kubefirst

How GitGuardian Provides Peace of Mind for Kubefirst
play_arrow
Code Fast, Secure Smarter: The Dual Path of AI Development

Code Fast, Secure Smarter: The Dual Path of AI Development
play_arrow
Securing the Supply Chain - Automating our Way Out of Security Whack-a-Mole

Securing the Supply Chain - Automating our Way Out of Security Whack-a-Mole
play_arrow
Introducing GitGuardian's Advanced Jira Cloud integration

Introducing GitGuardian's Advanced Jira Cloud integration
play_arrow
Understanding AI Package Hallucination: The latest dependency security threat

Understanding AI Package Hallucination: The latest dependency security threat
play_arrow
What is ASPM - Application Security Posture Management Defined

What is ASPM - Application Security Posture Management Defined