Sign up to save your podcasts
Or
Share Secrets inside packages, scanning Python PyPi for credentials with Tom Forbes
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Secrets inside packages, scanning Python PyPi for credentials with Tom Forbes
In this episode, we sit down with Tom Forbes to discuss his 'side project gone wrong' and how he found live AWS credentials inside many Python packages hosted on PyPi.
Tom didn't expect to find sensitive information inside public Python packages, but was surprised when he was contacted about removing data from his GitHub project. After some research, he discovered live AWS secrets in the source code and went on a journey to discover how many secrets there actually were inside PyPi packages. In this episode, Dwayne and Mackenzie dive into Toms's research to discover how the project started and what people can do to protect their secrets.
View all episodes
By Mackenzie Jackson & Dwayne McDanielIn this episode, we sit down with Tom Forbes to discuss his 'side project gone wrong' and how he found live AWS credentials inside many Python packages hosted on PyPi.
Tom didn't expect to find sensitive information inside public Python packages, but was surprised when he was contacted about removing data from his GitHub project. After some research, he discovered live AWS secrets in the source code and went on a journey to discover how many secrets there actually were inside PyPi packages. In this episode, Dwayne and Mackenzie dive into Toms's research to discover how the project started and what people can do to protect their secrets.