Logo Politecnico di Torino
ENIT
WebThesis

Identification of hard-coded secrets in GitHub through NLP-based scanners

Federico Germinario

Identification of hard-coded secrets in GitHub through NLP-based scanners.

Rel. Giuseppe Rizzo. Politecnico di Torino, Master of science program in Data Science And Engineering, 2023

Abstract

The exposure of hard-coded credentials inside source code is listed as one of the most dangerous vulnerabilities, due to the possibility for an attacker to gain unauthorized access to internal and external services. The automatic identification of secrets inside public and private repositories still represents a challenging problem to tackle, due to the different nature of credentials and snippets and the lack of specific and reliable benchmark datasets. Previous works have focused on the use of regular expressions and entropy-based approaches for the discovery of a limited number and specific structured strings with distinct formats such as API Keys, but ignoring unstructured credentials such as passwords.

We propose, with this work, an NLP-based solution to identify structured and unstructured hard-coded credentials in source code for various programming languages

Relators

Giuseppe Rizzo

Academic year

2022/23

Publication type

Electronic

Number of Pages

98

Additional Information

Tesi secretata. Fulltext non presente

Course of studies

Master of science program in Data Science And Engineering

Classe di laurea

New organization > Master science > LM-32 - COMPUTER SYSTEMS ENGINEERING

Ente in cotutela

INSTITUT EURECOM (FRANCIA)

Aziende collaboratrici

SAP Labs France

URI

https://webthesis.biblio.polito.it/id/eprint/26683
Modify record (reserved for operators) Modify record (reserved for operators)
Logo Politecnico di Torino